http://www.computerworld.com/securitytopics/security/story/0,10801,107808,00.html By James Niccolai JANUARY 17, 2006 IDG NEWS SERVICE The U.K. banks whose customer data was allegedly stolen from an Indian call center and sold to an undercover reporter last year will face no charges, a spokesman for the U.K. Information Commissioner's Office said. The office, which helps enforce the U.K.'s 1998 Data Protection Act, has received no complaints about the alleged data theft since it was reported by the Sun newspaper last June, and has also not seen evidence that the incident took place, the spokesman said. "We haven't been able to get [evidence] from the Sun," the spokesman said Monday. "Without any further information, there's really no case." The Commissioner's Office concluded from its investigations that security policies at the Indian call centers were sufficient, the spokesman said. According to the Sun story last year, the undercover reporter bought information relating to 1,000 bank accounts from a seller who said he had gathered the data from contacts at call centers in Delhi. The data pertained to accounts held in British banks that had outsourced work to call center companies in and around Delhi, the tabloid newspaper said. The seller, identified by the Sun as Kkaran Bahree, told the reporter that he could provide 200,000 more account details per month, the Sun reported. Police in Delhi have said they could not arrest Bahree because they received no formal complaint from the call-center companies, the banks or their customers. India's National Association of Software and Service Companies has also said it never received a complaint, and Bahree was never charged See (See "No complaints filed over data theft in India" [1]). Bahree has claimed that he gave the Sun reporter a CD at the insistence of a friend without knowing that it held classified contents. One NASSCOM official has accused the newspaper of conducting a "sting operation" in order to tarnish the reputation of India's outsourcing industry. The Sun has said it turned over information about the incident, including the names of the banks involved, to the City of London Police. However, the City of London Police has said it had no jurisdiction to bring prosecution in the U.K. and that it passed the information on to the Indian authorities. The spokesman for the Information Commissioner said the case could be reopened if complaints or evidence relating to the data theft turn up. [1] http://www.computerworld.com/industrytopics/financial/story/0,10801,104003,00.html _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Jan 18 2006 - 01:24:12 PST