Loans.co.ukhas identified the source
of adatabase breachwhich led to the
personal details of customers being passed on to rival
companies.
The company said this week that an audit of its IT systems had
shown an employee had accessed the company database without
authorisation.
"Loans.co.uk has controls and systems in place to protect
individuals' information, and this is evidenced by the fact that
these systems detected unauthorised activity on the database," said
a spokeswomen.
Customers had complained of receiving unwanted calls from other
loan companies and their identities could be used by fraudsters. It
then emerged that customer details, including names addresses and
telephone numbers, had been passed on without authorisation.
"No organisation can guarantee that they are fully protected
against data theft, and most will struggle if an individual in a
trusted position decides to act without authority," the company
said.
Mike Maddison, UK head of security and privacy services at
analyst firm Deloitte, said all organisations face challenges from
within, and there is no such thing as 100% security. "But putting
the right sort of preventative and detective controls in place can
act as a deterrent," he said.
Loans.co.uk initially passed details of the security breach to
Hertfordshire Police and industry regulator the
Financial Services Authority. They advised the company to
consult the Information Commissioner's Office, which is now
investigating the breach.
A spokesman for the ICO said it would help Loans.co.uk to ensure
that this does not happen again. He added that individuals within
companies can be prosecuted for breaching the Data Protection
Act.