U.K. banks off the hook for Indian data breach
No action in store for banks over alleged sales of customer data by an Indian call center worker, U.K. watchdog says.
In the breach, an undercover newspaper reporter was allegedly able to buy the bank account, credit card, passport and driving license details of 1,000 British bank customers for just 4.25 pounds ($7.50) each from a New Delhi call center worker who was said to have promised to supply confidential data from 200,000 accounts per month.
The Information Commissioner, the U.K.'s data protection agency, warned at the time that the banks could face prosecution for a criminal breach of the country's Data Protection Act.
But the IC said on Friday that it will not be taking action against any of the banks involved in the newspaper sting. Following an investigation, there was no evidence that any personal information was compromised, it said.
An IC official told Silicon.com: "We have no evidence to go on at the moment, and we are not in a position to take further action."
He said the investigation also found the security procedures at the Indian call center involved in the data leak to be "robust."
The City of London police force has said from the outset that it was unable to deal with the allegations because it has no jurisdiction outside of the U.K.
The Financial Services Authority, which oversees British banking, also showed little enthusiasm for an investigation, saying at the time: "Our concerns are whether adequate security controls were in place, but a determined fraudster is always going to get through."
Andy McCue of Silicon.com reported from London.