http://www.itpro.co.uk/security/news/124958/loans-website-suffers-security-breach.html By Miya Knights and Rene Millman 14th September 2007 UK online loans company, Loans.co.uk has said it suffered a security breach that has resulted in customer details being passed to other loan companies without authorisation. The company said it recently learned of the breach and has contacted affected customers, although it would not say how many were affected. It did say sensitive information including names, addresses and dates of birth was compromised however. "We have no evidence to suggest that this information has been used for any purpose other than marketing activity," said the company in a statement. "The individuals are people who applied to us for a loan, but we are not aware of any existing customers' details being provided." The company has offered customers involved a year's free subscription to credit reference agency, Credit Expert so they might check if any fraudulent claims or applications are made using their details. The Watford-based company refused to give any further details on the nature of the breach, instead saying the matter had been passed onto local Hertfordshire police and Information Commissioner's Office (ICO) for further investigation. Industry commentators said that this latest breach was a wake-up call to businesses and should make them adopt stricter measures and working practices to protect confidential data. "Companies that fail to meet the requirements of the Data Protection Act, not only face the threat of action from the Information Commissioner, but also run the risk of losing the trust and confidence of their customers," said Paul Skinner, senior ICT underwriting specialist at Chubb Insurance. Skinner said that ICO has made it clear that breaches are unacceptable and that violations are likely to result in criminal prosecution in the future. "With the ICO calling for stronger powers, this is likely to become an increasingly common scenario, especially if legislation makes it compulsory for companies to give notification of a breach," he said.
This archive was generated by hypermail 2.1.3 : Sun Sep 16 2007 - 22:38:43 PDT