POLICE are investigating the alleged leak of highly sensitive personal data from Barclays Bank, which has put 2,000 customers at risk.
The bank has said the sale of details of customers’ earnings, savings, mortgages, health issues and insurance policies to rogue traders appears to have been a “criminal” act.
The leak was exposed by an anonymous whistleblower who claimed up to 27,000 files had been leaked and could be sold by shady salesmen for up to £50 per file.
Each report is about 20 pages long, and among the victims are reported to be doctors, businessmen, scientists, a musician and a cleaner.
Barclays would not say how many Scottish customers may have been affected, but stressed the stolen list is six years old and some of the details may be out of date.
Both City of London Police and the Information Commissioner’s Office (ICO) are investigating.
Any organisations that have failed to protect customers data can be hit with fines of £500,000.
Anyone facing a criminal charge of illegally accessing data faces a maximum penalty of £5,000. The ICO has been pushing for stiffer penalties.
All the customers whose details have been leaked had sought financial advice from the bank, and passed on their details during meetings with an adviser.
Select traders were reportedly given the “Barclays leads” and from December 2012 to September last year a number of victims were persuaded to buy rare earth metals that did not exist, it is claimed.
The whistleblower – who claims to have been trained by Jordan Belfort, played by Leonardo di Caprio in Hollywood blockbuster The Wolf of Wall Street – estimates up to 1,000 people could have been “scammed”.
A Barclays spokeswoman said: “We contacted the Information Commissioner and other regulators on Friday as soon as we were made aware.
“Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business which we ceased operating as a service in 2011.
“We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data.
“Protecting our customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.
“We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.”
A source for the bank said it had not yet verified that the memory stick contained 2,000 files, or how much information was on the files, and there was no evidence yet that 27,000 were involved.
A spokesman for the ICO said: “It’s crucial that people’s personal information is properly looked after.
“We’ll be working with the Mail on Sunday this week to get further details of what has happened here, as well as working with the police.”
A police spokesman added: “City of London police have been contacted by Barclays and will be liaising further with them and other parties about this matter.”
The revelations come as a blow to Barclays’s reputation. Unlike RBS and Lloyds TSB, Barclays narrowly avoided having to request a government bailout late in 2008 after it was rescued by £7bn worth of new investment.
Barclays has about 20 branches in Scotland and recent estimates found it provides retail financial services to more than 200,000 customers.