To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://services.silicon.com/offshoring/0,3800004877,39155588,00.htm

UK banks escape punishment over India data breach
Data protection watchdog investigation finds no evidence

By Andy McCue

Published: Friday 13 January 2006

UK banks will not face any action over a data breach in an Indian call centre last year, where an undercover newspaper reporter was allegedly sold bank and credit card details of 1,000 customers.

The reporter was able to buy bank account, credit card, passport and driving licence details of UK bank customers for just £4.25 each with the New Delhi call centre worker promising he could supply confidential data from 200,000 accounts per month.

The UK's data protection watchdog the Information Commissioner (IC) warned at the time that the banks could face prosecution for a criminal breach of the Data Protection Act.

But following an investigation the IC said there was no evidence that any personal information was compromised and said it will not be taking action against any of the banks involved in the sting.

A spokesman for the IC told silicon.com: "We have no evidence to go on at the moment and we are not in a position to take further action."

He said the investigation also found the security procedures at the Indian call centre involved in the data leak to be "robust".

The City of London police said from the outset it was unable to deal with allegations because it has no jurisdiction outside of the UK.

Banking watchdog the Financial Services Authority also showed little enthusiasm for an investigation, saying at the time: "Our concerns are whether adequate security controls were in place but a determined fraudster is always going to get through."