DPA breaches spike by 183 percent in UK financial services sector

But is sector experiencing deteriorating security or better reporting?


The number of Data Protection Act (DPA) breaches in the financial services sector has soared by 183 percent in only two years, a Freedom of Information (FoI) request by Egress Software Technologies has discovered.

The firm discovered that the Information Commissioner’s Office (ICO) recorded 791 breaches in this sector over the two years to 2014, including 585 in the latter year alone. For comparison, this was around three times the number recorded for the legal sector.

The firm later clarified that not all of these were security-related - the figure for data security issues was 158. Institutions reporting breaches in these years included Barclays, HSBC, Lloyds Banking Group, Natwest, Nationwide and Santander.

“Today’s report casts some major concerns over the mistakes they’re making with the information entrusted to them, whether that be citizens’ personal details or highly confidential reports about the economic future of the country,” argued Egress CEO, Tony Pepper.

“It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under fire from the ICO.”

Pepper said that the rise in notifiable breaches augured badly for the introduction of the EU General Data Protection Regulation (GDPR) later this year, under which far more severe penalties could be levied than has hitherto been the case in the UK.

“It is interesting to note that the monetary penalties issued by the ICO to this sector have historically been so low.”

The numbers can be interpreted in two ways - security is deteriorating or - more likely - there is better reporting as awareness of data protection legislation improves. Anecdotal evidence would certainly suggest the latter. The culture in this sector of keeping incidents within the organisation is slowly breaking down as the balance of risk starts to favour owning up.

However, it is impossible to prove this without deeper research of the sort few security firms will undertake.

Several firms have put in FoI requests to official bodies tied into publicity for this week’s Infosec Show in London, including an analysis by ViaSat UK that found the ICO numbers give a very optimistic indication of the levels of data loss in the UK.

Separately, the government-backed Children and Family Court Advisory and Support Service (Cafcass) announced last week that it recently migrated to Egress Software’s Switch encrypted email system.
