[ISN] Loans website suffers security breach

From: InfoSec News (alerts@private)
Date: Sun Sep 16 2007 - 22:18:11 PDT


By Miya Knights and Rene Millman 
14th September 2007

UK online loans company, Loans.co.uk has said it suffered a security 
breach that has resulted in customer details being passed to other loan 
companies without authorisation.

The company said it recently learned of the breach and has contacted 
affected customers, although it would not say how many were affected. It 
did say sensitive information including names, addresses and dates of 
birth was compromised however.

"We have no evidence to suggest that this information has been used for 
any purpose other than marketing activity," said the company in a 
statement. "The individuals are people who applied to us for a loan, but 
we are not aware of any existing customers' details being provided."

The company has offered customers involved a year's free subscription to 
credit reference agency, Credit Expert so they might check if any 
fraudulent claims or applications are made using their details.

The Watford-based company refused to give any further details on the 
nature of the breach, instead saying the matter had been passed onto 
local Hertfordshire police and Information Commissioner's Office (ICO) 
for further investigation.

Industry commentators said that this latest breach was a wake-up call to 
businesses and should make them adopt stricter measures and working 
practices to protect confidential data.

"Companies that fail to meet the requirements of the Data Protection 
Act, not only face the threat of action from the Information 
Commissioner, but also run the risk of losing the trust and confidence 
of their customers," said Paul Skinner, senior ICT underwriting 
specialist at Chubb Insurance.

Skinner said that ICO has made it clear that breaches are unacceptable 
and that violations are likely to result in criminal prosecution in the 

"With the ICO calling for stronger powers, this is likely to become an 
increasingly common scenario, especially if legislation makes it 
compulsory for companies to give notification of a breach," he said.

This archive was generated by hypermail 2.1.3 : Sun Sep 16 2007 - 22:38:43 PDT