Bank Account Mixup Lands Prudential With £50k Fine

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Firm fined after a mixup involving customers with the same name and birthday

The Information Commissioner’s Office (ICO) has handed out a rare fine to a private sector organisation for mishandling of information, as Prudential was told to cough up £50,000.

The penalty was served after a mix-up of two customers’ account details led to tens of thousands of pounds being handed to the wrong person. Instead of going into one individual’s retirement fund, the money went to a different customer’s account.

In its defence, Prudential said the mixup was partly down to the fact that the two customers had the same name and date of birth.

Prudential mixup

The fine marks the first time a private company has been punished by the ICO where there was no “significant data loss”. Prudential has accepted the fine and will not appeal, even though it passed the blame onto an independent financial adviser.

“We are very sorry for any distress and inconvenience experienced by the two customers, and we have apologised and compensated them. We regret that this incident occurred and was not resolved more quickly,” a spokesperson for Prudential said.

“The … accidental merging of the two customers’ details was not the result of system or process failures. It originally happened when the financial adviser of the first customer mistakenly provided the address of the second customer to us and requested that we change the first customer’s registered address.

“The problem was rectified in 2010 to the satisfaction of the ICO. We co-operated openly and fully with the review and we accept the fine imposed. Neither customer has suffered financial loss.

“When this issue came to light we reviewed our procedures and staff training and made changes to minimise the chances of a similar error occurring again.”

Stephen Eckersley, ICO head of enforcement, said the customer files were “consistently confused” and Prudential “failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved”.

“We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people’s records are accurate,” he added.
