Data taken from

Watford-based has admitted to a security breech as customer details have been passed on without authorisation.

Watford-based has admitted to a security breech as customer details have been passed on without authorisation. said in a statement, "We recently learned that some individuals' information has been provided to other loan companies outside our group without authorisation. We have no evidence to suggest that this information has been used for any purpose other than marketing activity."

The company said the data stolen related to individuals who have applied for a loan and the company is not aware of any existing customers' details being provided.

Hertfordshire police were approached by the loan company and has advised this is a matter for the Information Commissioners Office (ICO).

"Any contravention of section 55 of the data protection act, including the misappropriation and further sale of such personal data is dealt with by this organisation, and not the police," said a police statement. "Customers concerned about this should report directly to If anyone has reason to believe that their personal data may be being used fraudulently, please report it to your local police force."

The case highlighted the importance of securing data wherever it resides as companies risk action from the information commissioner or other industry bodies as well as damaging their reputation.

Paul Skinner, Senior ICT Underwriting Specialist at Chubb Insurance, the case should act as a wake-up call to businesses throughout the country.

He said they should "adopt stricter measures and working practices to protect confidential data."

"The ICO has made it clear that breaches are unacceptable and that violations are likely to result in criminal prosecution in the future," he added. "This is a classic case of what can happen if strict practices and procedures are not put in place and constantly audited or alternatively are simply not followed. As any subsequent consequences of the breach may not be insurable it should act as a stark reminder to companies to ensure that this type of incident is covered by their insurance policy and to review their risk management policies accordingly."

Read more on IT risk management