Barclays has to pay £250 in compensation to 2,000 customers after their personal data was found on a USB stick at a flat in England.Mark James, Security Specialist at IT Security Firm ESET discusses the issue and whether the compensation that Barclays is offering is enough.
Mark James, Security Specialist at IT Security Firm ESET :
Is it appropriate for Barclays to store such data on USB sticks?
“If data needs to be moved from one location to another or backed up for transit from one system to another then you are limited to the actual means to do so. With that said though, a USB stick would not be my choice of tool for the job regardless of whether encryption was used or not. This was supposedly information taken down during financial planning meetings back in 2009 and would almost certainly contain very personal and private information that could be used for identity theft or targeted attacks.”
What could be the worst case scenario for the victims and is £250 enough to compensate?
“No money can be deemed enough for a private data breach, if your details have been leaked and are being used for malicious acts then £250 is not going to help at all. It’s good they are offering a data checking scheme to protect anyone who may think they have or may be a victim of identity fraud but 6 years is a long time and it won’t help anyone who is already a victim and has lost finances due to this breach.”
What lessons can organisations take from this?
“The most important thing to take from this is how we monitor and keep safe our data, making sure limitations are in place to ensure all copies are accounted for and only stored where it absolutely has to. Encryption is a must for any sensitive information but user awareness is paramount if we want to stop these types of loss in the future.”
Is it possible that some user details have been used in cybercrime and the users still don’t know about it?
“Yes definitely, this information could already be used for identity theft or lead to other cybercrime. With so many instances of our data getting stolen or leaked, it’s hard to tell where it actually came from originally unless it’s very specific information in the first place.”
Is there anything people can do to protect themselves from such occurrences?
“Unfortunately, if we want bank accounts or other financial services then we are at the mercy of the institute offering that service. Their ability to protect our data should be the number one goal in keeping our business, making sure we are aware of breaches when they happen and putting in place any measures to hopefully stop it from happening again will help to put your mind at rest. Spreading your finance load may help if one bank gets breached, that way it may not affect all your accounts. Also monitor your finances regularly and be very mindful of what you do with any old paperwork that may have personal information stored on it. Signing up to a credit monitoring service may help to protect you if things start going wrong.”[su_box title=”About ESET” style=”noise” box_color=”#336588″]
ESET is a pioneer of proactive protection against cyber threats with its award-winning NOD32 technology. Daily, it protects over 100 million computers, laptops, smartphones, tablets and servers, no matter the operating system. ESET solutions for home and business segment deliver a continual and consistent level of protection against a vast array of existing and emerging threats.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.