Banking industry comes under fire for number of data breaches reported to ICO

According to Egress Software Technologies, there has been a huge rise in reported data breach investigations in the banking industry.

Egress, a provider of encryption services, made a Freedom of Information request to the ICO to obtain the figures, which showed a 183 per cent rise in reported Data Protection Act breach investigations in the financial services industry over the last two years.

The vast majority of those occurred in 2014, with no fewer than 585 separate incidents (of the 791 total) reported last year alone, over three times the number of reports from the legal industry.

All of the major banks in the UK, without exception, have reported multiple breaches, and the ICO has levied fines totalling £455,000 against financial firms (out of the £7.5 million in total penalties the Information Commissioner has imposed on UK companies).

Egress notes that after the new EU data protection rules come into force, these numbers are likely to rise, and quite possibly by a considerable amount, with the ICO able to impose even bigger penalties.

Egress CEO Tony Pepper commented: “The financial services industry has a responsibility to us all to ensure that the information they manage on our behalf, including bank accounts, mortgages and insurance policies, is protected in a highly secure way. Today’s report, however, casts some major concerns over the mistakes they’re making with the information entrusted to them, whether that be citizens’ personal details or highly confidential reports about the economic future of the country.

“It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under targeted fire from the ICO. Today’s findings suggest that similar, if not harsher, criticism ought to be levied at the banks, building societies and insurance firms too.”

He further warned: “With planned reforms to EU General Data Protection Regulations, the financial services industry must take action now or risk falling foul of laws that could see much tougher penalties handed out for a data breach.”