Cashier used Barclays systems to profile sex attack victim

After £800 fine, Information Commissioner calls for prison sentences.

A 27 year-old bank cashier was fined £800 (A$1,226) yesterday for using her position at Barclays Bank to profile a customer who was the victim of a sex attack by the cashier’s husband.

The offences of Sarah Langridge, no longer an employee of the bank, were discovered during a hearing for her husband’s sentencing when the victim recognised Langridge as a cashier at the bank office she used. The victim, according to the ICO, was concerned that her accounts had been accessed by the attacker’s wife and filed a complaint with police.

Landgridge's husband, Simon, was sentenced to 18 months for the late night attack, outside the victim's home two years ago, according to the Daily Mail.

The bank's investigation found Langridge had accessed the victim’s accounts eight times during the eight month duration of her husband’s trial. Langridge viewed the victim’s personal details, current account entries, lending records and her employer details, however during questioning claimed she had not shared the information with her husband or anyone else.

For her incursions on the victim's privacy, Langrdige was also ordered to pay an additional  £400 and £15 victim’s surcharge. 

The UK’s Information Commission’s Office planned to use the case at a Tuesday Justice Committee hearing to argue for prison terms be available to the courts in serious privacy breaches.

Currently, a Magistrates Court can only issue fines up to £5,000 while the Crown Court can issue unlimited fines under Section 55 of the UK’s Data Protection Act.

“It beggars belief that – in an age where our personal information is being stored and accessed by more organisations than ever – the penalties for seriously abusing the system still do not include the possibility of a prison sentence, even in the most serious cases,” said Information Commissioner Christopher Graham.

“I note the outcome of this latest case, and I remain concerned that the courts are not able to impose the punishment to fit the crime in all cases, because the current penalty for this all too common offence is limited to a fine rather than the full range of possible sentences, including prison for the most serious cases,” Graham said.

“Blagging”, where a person gains unauthorised access to information from a system without necessarily hacking it, has become a serious problem in the UK, according to Graham, pointing to a dozen recent cases from the telecommunications sector, the nation’s postal system, the police and the health sector.

The commissioner said legislators failed to act on tougher legislation that Parliament put in place in 2008 over “unfounded” concerns for the freedom of the press -- a challenge shared by Australian legislators seeking tougher privacy legislation, which came to a head again following News Corporation’s News of the World phone hacking scandal.

“Unfounded concerns about press freedom were a distraction in 2008 and they should never have halted the introduction of stronger sanctions. They should not delay any further the commencement of the powers needed to combat this modern scourge,” said Graham.  

Join the CSO newsletter!

Error: Please check your email address.

Tags privacy legislationBarclays Banksecurity breacheshacking scandalprivacy breaches

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place