The Bank of Scotland has been fined $116,295 for sending sensitive customer details to the wrong people over a four-year period via fax.

The misdirected information included payslips, bank statements, account details and mortgage applications, along with customers’ names and contact details. The first incident was reported in February 2009.

The bank, which is owned by Lloyds Banking Group, was served the fine following an investigation by the UK Information Commissioner’s Office (ICO).

At least 21 documents were sent to third-party organisations during this time, with another member of the public receiving 10 misdirected faxes. The incorrect fax numbers differed by one digit from the number of the intended recipient, a department within the bank responsible for uploading documents to the bank’s system.

The ICO claimed the errors continued while it was investigating the breaches. Stephen Eckersley, Head of Enforcement at the ICO, described the bank’s conduct as "unforgiveable."

"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines. To send a person’s financial records to the wrong fax number once is careless. To do so continually over a four year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act," he said.

"Let us not forget that this information would have been all a criminal would ever need to carry out identity fraud. Today’s penalty reflects the seriousness of this case," Eckersley continued.

A spokesperson from Lloyds Banking Group apologised for the security breach. "The security of our customers’ data is always our key priority," the spokesperson told RBI.

"We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected. This occurred over a period in which several million customer documents, using the same process, were correctly received," they continued.

According to Lloyds Banking Group, no customer suffered any harm or detriment as a result of the error. "We are continually reviewing our processes to ensure our customers’ information remains safe," the bank said.

 
