Bank of Scotland fined for sending customer details to wrong numbers

The Bank of Scotland has been fined $116,295 for sending sensitive customer details to the wrong people over a four-year period via fax.

The information included payslips, bank statements, account details and mortgage applications, along with customers’ names and contact details to the wrong recipients. The first incident was reported in February 2009.

The bank, which is owned by Lloyds Banking Group, was served the fine following an investigation by the UK Information Commissioner’s Office (ICO).

At least 21 documents were sent to third party organisations during this time, with another member of the public receiving 10 misdirected faxes. The incorrect fax numbers were one digit outside the details for the intended recipient, which was a department within the bank responsible for uploading documents to the bank’s system.

The ICO claimed the errors continued while it was investigating the breaches. Stephen Eckersley, Head of Enforcement at the ICO described the bank’s conduct as "unforgiveable."

"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines. To send a person’s financial records to the wrong fax number once is careless. To do so continually over a four year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act," he said.

"Let us not forget that this information would have been all a criminal would ever need to carry out identity fraud. Today’s penalty reflects the seriousness of this case," Eckersley continued.

A spokesperson from Lloyds Banking Group apologised for the security breach. "The security of our customers’ data is always our key priority," the spokesperson told RBI.

"We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected. This occurred over a period in which several million customer documents, using the same process, were correctly received," they continued.

According to Lloyds Banking Group, no customer suffered any harm or detriment as a result of the error. "We are continually reviewing our processes to ensure our customers’ information remains safe," the bank said.

Related articles:

Lloyds will return to the private sector says UK chancellor

Further job losses at Lloyds banking group

Lloyds Banking Group post sharp rise in Q1 profits

Bank of Scotland fined for sending customer details to wrong numbers

Go deeper with GlobalData

Russia: Falling Voice Revenue and Macroeconomic Uncertainty to Slow the Growth of the Telecom Market

The Impact of Money Laundering on Customer Due Diligence

Data Insights

Russia: Falling Voice Revenue and Macroeconomic Uncertainty to Slow the Growth of the Telecom Market

The Impact of Money Laundering on Customer Due Diligence

Data Insights

Allen & Overy, White & Case top legal advisers in Middle East and Africa in Q1 2025

UBS, Rand Merchant Bank top financial advisers in Middle East and Africa in Q1 2025

Skadden, Arps, Slate, Meagher & Flom leads M&A legal advisory in South & Central America for Q1 2025

RBC Capital Markets, UBS lead M&A advisory in South & Central America for Q1 2025

Sign up for our daily news round-up!

Sign up to the newsletter: In Brief

Go deeper with GlobalData

Data Insights

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Go deeper with GlobalData

Data Insights

Sign up for our daily news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing