Barclays owned credit-card firm
Goldfish has sent the wrong
account details to customers after a processing error at the
printer the company uses to process statements.
The company said a processing error meant the statements were
printed incorrectly. The front page was correct, but subsequent
pages contained the account information of other people.
"Customers will be receiving a correct statement within the next
few days, as well as a letter of apology. We are taking steps to
ensure that this does not happen again," said Goldfish in a
statement.
A spokesman from the Information Commissioner's Office (ICO)
said it was investigating the matter.
"We are looking in to this incident and will require an
explanation of what has gone wrong and the steps that are being
taken to prevent a similar data breach in the future. The ICO has
powers to take enforcement action against organisations which fail
to meet their obligations under the Data Protection Act," it
said.
The incident has highlighted the importance of financial
services firms checking the processes and procedures of companies
to which they outsource back office functions.
According to the
Financial Service Authority's (FSA) Data Security in Financial
Services 2008 report, which analysed 39 companies across the
sector, nearly all firms questioned rely on IT support from third
parties.
The financial services watchdog said it was a "major concern"
that firms are not checking that outsourcing suppliers have the
right IT security and policies in place for handling their
customers' details.
Goldfish is not the first financial services firm to mix up the
details of its customers in the printing and processing of customer
correspondence. In November, Allied Irish Bank (AIB)
sent 15,000 payment advice slips to the wrong addresses
following a technical problem.