[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Saturday, 25 September, 2004, 12:04 GMT 13:04 UK
HFC bank in mass e-mail blunder
Man at computer
The e-mail asked customers to call a helpline urgently

One of the UK's biggest providers of loans and credit cards has infuriated thousands of customers by revealing their personal details in an e-mail.

HFC bank sent "urgent" e-mails to 2,600 people but an error meant that each address was visible to everyone else on the list.

The problem was compounded when customers' "out-of-office" messages began to respond, many containing home and mobile telephone numbers.

The bank has admitted it is in breach of data protection law and has credited affected people's accounts with 50 compensation.

But many customers are still unhappy and are considering legal action.

HFC Bank is owned by HSBC, and operates credit cards for Marbles and Vauxhall GM, as well as affinity cards for the Law Society and the Open University.

Angry forum

The bank claims a senior payment advisor made the mistake on Tuesday, when three e-mails were sent to groups of more than 800 customers asking them to call a helpline number.

The Information Commissioner has confirmed to Money Box that although HFC did break the law, it will not take action on this occasion.

I thought it was a hoax, I was absolutely gobsmacked
Brad, HFC customer
However, HFC customer Brad is so angry he has set up an online forum for affected people to share views. He told the BBC's Money Box programme:

"I thought it was a hoax. I was absolutely gobsmacked and really did not know what to do."

It was only after wading through hundreds of e-mails from other customers that he realised it was not a hoax but a serious mistake by HFC.

He continued: "We are now all open to fraud. It is a huge mess."

Worrying precedent?

HFC bank has been quick to apologise. Speaking to the programme, its Corporate Director Martin Rutland said:

"I think there are times when you just have to put your hand up and say it was a human error.

"We have been sending e-mails out this way for well over a year. They have never been a problem. In this instance we made a mistake, and we unreservedly apologise for it."

Scammers online are very keen to get hold of people's identities
Alan Stevens, internet specialist
But internet specialist Alan Stevens is worried about the bank's method of communication:

"I think this is a very worrying precedent. The fact is, e-mail is probably one of the most insecure methods to contact somebody, because when you send somebody an e-mail it does not just go to them, all sorts of copies get left around the internet."

He continued: "Scammers online are very keen to get hold of people's identities. If they can actually identify a real person, and moreover know what bank they bank with, it is quite a serious thing."

Martin Rutland however did not think customers were in danger, but did say:

"If someone can prove that having their e-mail address sent to another customer has caused them financial loss, then they should contact us and make an appropriate claim.

"The advice we give is like all financial institutions, never give details of your account out over the internet."

BBC Radio 4's Money Box was broadcast on Saturday, 25 September, 2004 at 1204 BST.

The programme was repeated on Sunday, 26 September, at 2102 BST.

Money Box



Download or subscribe to this programme's podcast

Podcast Help

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific