In recent months, the attention of the public has been consumed by concerns over private data abuse by such public spy agencies as the NSA, as well as what personal financial information may have been intercepted by rogue hacker black hats who in the past two months have been blamed for millions in credit card privacy breaches. However, so far there have been two major loose ends in the story of personal data collection (and abuse): just how web search browsers and cookie-based advertising companies collect everything there is to know about the particular interests and desires of any given individual, and just as importantly, how banks abuse client confidentiality by taking the secret financial data of their clients less than seriously.
Today, one of these loose ends got some much needed public exposure after the Daily Mail, of all places, reported that it had been approached by a whistleblower, who revealed that in one of the biggest breaches of bank secrecy, bailed out Barclays had stolen and sold the confidential personal and financial data of up to 27,000 clients to the highest market bidder, in most cases rogue traders who had seen Glengarry Glen Ross one too many times, and who would then use Jordan Belfort-inspired tactics to sell money losing investment products to those unlucky thousands who had entrusted their data to the bank.
Is this the case of yet another “Snowden” growing a conscience and exposing the fraud he had witnessed for all to see? For the time being, it sure looks like it: “This is the worst [leak] I’ve come across by far,’ said the former commodity broker and whistleblower. ‘“But this illegal trade is going on all the time in the City. I want to go public to stop it getting bigger.”
Barclays Bank is reeling from an unprecedented security breach after thousands of confidential customer files were stolen and sold on to rogue City traders.
In the worst case of data loss from a British High Street bank, highly sensitive information, including customers’ earnings, savings, mortgages, health issues and insurance policies, ended up in the hands of unscrupulous brokers. The data ‘gold mine’ – also containing passport and national insurance numbers – is worth millions on the black market because it allowed unsuspecting individuals to be targeted in investment scams.
Barclays last night launched an urgent investigation and promised to co-operate with police.
It is not clear how the records were stolen, but the bank could face an unlimited fine if found guilty of putting customers’ details at risk.
The leak was exposed by an anonymous whistleblower who passed The Mail on Sunday a memory stick containing files on 2,000 of the bank’s customers.
He claimed it was a sample from a stolen database of up to 27,000 files, which he said could be sold by shady salesmen for up to £50 per file.
Of course, Barclays has had its share of legal troubles in recent years, having been exposed as the first bank in the still growing Libor-rigging scandal for which is was fined GBP290 million, and now this data loss, which is a breach of its obligations under the Data Protection Act to keep personal information secure, will almost certainly cost its many more hundreds of millions in legal fees and damages.
The sources of the breached and stolen files was data collected from customers who had sought financial advice from the bank, and passed on their details during meetings with an adviser. The consultations included filling out questionnaires – or ‘psychometric tests’ – which revealed their attitude to risk. That information could be exploited to persuade victims to buy into questionable investments.
One could call them, the “Glengarry leads”, and an example of one is shown below:
But while Barclays collecting detailed data about its clients is perfectly normal, what it did next is criminal:
The whistleblower first became aware of the Barclays leads in September when the boss of the brokerage firm asked him to sell them to other traders. ‘The obvious question I asked was, “These are fantastic leads, why are you not using them yourself?”
‘He replied, “We have – sell it as secondary data.” He had got all he could out of them. New, they were worth £50 per file. He asked us to sell for £8.’
The whistleblower showed the leads to a select group of brokers ‘who thought they were amazing’, but eventually decided not to sell.
‘My conscience got the better of me. It was all just so wrong,’ he said. ‘I wasn’t a broker myself at this stage, but I had a business link to the firm.’
Between December 2012 and September 2013 the firm persuaded victims to buy rare earth metals that did not exist, it is claimed. The whistleblower estimates up to 1,000 people could have been ‘scammed’.
Then the party was over as quickly as it started:
When the investors began to suspect they were being fleeced he said the boss chose to ‘shut the trading floor’.
‘His orders were to get rid of the evidence, to show that we were never there. We bleached the desks so his DNA was not in the office. We destroyed his laptop and 15 bags of paperwork. We wiped the computers. During this fiasco he asked me, “Have you got the Barclays leads?” I said, “No, I haven’t, they must have been destroyed”. ‘But I kept them because I thought the whole thing had gone too far. I want to stop it now, to tell people what was happening.’
Alas, the burning down of the crime scene was not enough, and now that Barclays has been exposed, the damage control begins:
Barclays said in a statement: ‘We are grateful to The Mail on Sunday for bringing this to our attention and we contacted the Information Commissioner and other regulators on Friday as soon as we were made aware. ‘Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business, which we ceased in 2011.
‘We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data. ‘Protecting customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.
‘We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.’ The Mail on Sunday has arranged to pass on the data to the Information Commissioner’s Office. A spokesman said: ‘We’ll be working with The Mail on Sunday this week as well as working with the police.’
That’s not all: we also learn that the legacy of the Wolf of Wall Street is alive and well. So alive in fact, he has been in ongoing consultations on how to cold call clients about which the sellers already knew everything in advance:
Brokerages want to hire people who are money-oriented, articulate and who speak the Queen’s English. Their ideal is the young, hungry white guy. They want the most aggressive person, very manipulative and bullish, almost like a New York broker in the 1980s.
In the first interview they would ask: ‘Do you **** whores and sniff coke? Do not come and work here if you don’t.’ They might even ask the interviewee to sing a song. They want to see if they can bend them over a barrel and get them to do what they want. Out of 10,000 brokers, 9,000 will be earning below the minimum wage. The majority will never succeed. The successful ones do not have a moral compass.
Most people drop out after a couple of years because they burn out but I know old school brokers who’ve done it since the 1980s.
We got trained by Jordan Belfort, the real-life Wolf of Wall Street. It cost £38,000 for an hour’s conference call with him from New York. Three different firms took part and there were 40 brokers in the room, sitting around a phone.
He’s big on ‘rapport building’. He shows how to apply pressure in the right places – how to manipulate people in a controlled way. In all cases, brokers try to find the person’s motive for investing. When trust is established it’s very easy to make the ale or ‘load’ a client with a commodity. Loaders are a breed of broker and some can earn 40 per cent a deal on just the commission.
A lot of contracts between broker and investor include ‘exit confirmation’ – the date when the return on investment is expected. But in many cases those clauses are a lie. A month or two before the exit strategy is due, the firm winds up and disappears.
The owners – criminals in sharp suits – will set up shop, trade for a bit, then the company will close, only for the brokers to open another one.
The next day they ring the same clients, but with different voices on the end of the phone. You might use a different name – nobody uses their real name. Many on the Barclays list were born in the 1930s. Old people are perfect targets because they are more trusting and they haven’t got long left. You hope they die before your exit strategy comes up.
Hopefully this anecdote serves to illustrate the link between insolvent but bailed out and cash-strapped banks, boiler rooms, and criminal salespeople.
Finally, it goes without saying, that if this is happening in the UK it most certainly taking place in the US as well. And as a follow up – while the general public has every right to be concerned about how its private data is being abused by public spy entities such as the NSA, perhaps it is time to inquire just how it may be abused not only by private banks such as Barclays, but by all those private corporations who interact daily with the countless users who share their data on the Internet assuming that it won’t be used in a criminal fashion by virtually everyone.