The HMRC breach: finance fears
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
A well-placed source at a major high street bank told Information Age that the banks are highly unlikely to be able to identify if an act of fraud has been caused by the HMRC breach.
The UK banking system could be at risk of major operational disruption after millions of families were advised by the Chancellor to monitor their bank accounts for any irregular activity and, if necessary, to obtain credit reports in the wake of the massive HMRC data leak.
Speaking in the Commons on Tuesday George Osborne, the Shadow Chancellor, said that the data leak could lead to “financial instability” as citizens rush to change bank accounts and move their deposits. If such activity was to occur on a mass scale it could disrupt the liquidity flow of financial institutions and put banking operations under severe duress.
Osborne also asked if the government is planning to guarantee the deposits of individuals who are defrauded as a result of the breach.
The Shadow Chancellor’s remarks alluded to the ongoing Northern Rock crisis which, at its height, also caused the bank’s website to fail under the strain of exceptionally high traffic. The massive scale of the recent HMRC data breach, in which a staggering 25 million citizens' personal details were lost in transit, could have far wider-reaching consequences if affected individuals lose trust in the safety of their deposits.
Banking association Apacs roundly dismissed the suggestion that the massive data leak could lead to problems for the banking community, however. Banks regularly monitor their customers’ accounts meaning the banks’ internal activity is unlikely to change and depositors are not necessarily at any increased risk, said an Apacs spokesperson
The BBC’s breakfast show and Radio 5 both reported on Wednesday, however, that swathes of readers and listeners had already determined to change their bank accounts. The Times newspaper also reported on Thursday that banking customers had flocked to alter their PIN codes.
Jonathan Armstrong, a partner at Eversheds law firm, a technology specialist, told Information Age that many organisations’ communication channels are not geared up to cope with the volume of traffic such an incident is likely to prompt.
Apacs conceded that banking call centres will be “deluged” – activity that could prove extremely costly for banking organisations. Changing a password, which frequently happens during phone banking sessions, for example, can cost the bank in question up to £25 on each occasion.
The Apacs spokesperson stressed, however, that there remains no evidence, according to the banks, that any individual has so far been a victim of fraud or identity theft as a result of the leak.
But a well-placed source at a major high street bank told Information Age that banks very rarely, if ever, learn the original source of an act of fraud or a case of identity theft. “You’ll never know. There are so many ways in which data can be compromised you can never ever say for sure what caused the case of identity theft for a particular individual. It’s like food poisoning; you might have an idea what caused it, but you never know.”
To this extent the true implications of the government’s spectacular data breach will probably never be gauged – much like the true scale of online and Internet-enabled crime which still defies any true measure in terms of incidence and cost.
It will also make it difficult for potential victims to claim compensation in the event of fraud.
Even if customers are not victims of fraud or identity theft as a direct result of the data loss itself, such incidents are frequently exploited by hackers in order to launch socially engineered hacking attacks. Real-world events often lead to the release of a worm or virus via an email posing as a news update on the event in question.
It is highly likely, said Armstrong, that criminals will launch a massive phishing attack off the back of the news.
“I would wager that, right now, there is a hacker in Russia or Eastern Europe currently writing some sophisticated emails saying ‘it’s necessary to change your bank account’.”
Further reading
IBM shows how to crack Barclays' security system
IBM chief: Security industry "in turmoil"
Find more stories in the Security & Continuity Briefing Room
