Belfast Telegraph

UK Website Of The Year

The Money Shop fined £180,000 for losing thousands of customers' details

Published 06/08/2015

The Money Shop failed to keep servers locked in their own room
The Money Shop failed to keep servers locked in their own room

Pay day lender The Money Shop has been fined £180,000 after losing computer servers containing details for thousands of customers

The Information Commissioner's Office (ICO) issued the civil penalty following two incidents - one in Lurgan, Northern Ireland, in April 2014 and then a second a month later in Swindon.

The servers remain missing and the ICO said encryption standards were not strong enough to be confident the machines had not been accessed.

Head of Enforcement, Steve Eckersley said: "Customers of The Money Shop entrusted the company with their personal and financial details with the expectation that the information would be kept safely and securely.

"Our investigations discovered that this wasn't the case and that this information was regularly left exposed when equipment was moved around the country.

"There was potential for fraud and financial loss to customers which is unacceptable and in both cases, had the data been properly encrypted the damage and distress to customers and the monetary penalty could have been avoided.

"Hopefully it's an example to other organisations, whatever business they may be in, that the safety of personal information must be taken seriously. Policies and procedures must be put in place or we will take action."

Among the problems identified was a failure by the firm to follow its own policy of keeping servers locked in their own room.

And the ICO found a "widespread practice" of The Money Shop regularly transporting unencrypted servers between its Nottingham Head Office and its branches around the country.

A statement from Dollar UK, which is behind The Money Shop, said: "Dollar UK reiterates its apologies to any customers who have been affected by these incidents. Since these events took place, Dollar UK has come under new ownership and management, implementing a complete review of IT and systems security including the replacement of those responsible for managing this essential element of business infrastructure and consumer confidence.

"The ICO has acknowledged the steps taken by Dollar UK following the incidents in its findings as well as recognising Dollar UK's complete co-operation with its investigation. We continue to reform and develop Dollar UK towards being the most responsible lender in its market place."

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting?

Read More

From Belfast Telegraph