An unnamed third party has been blamed for an error that led to a breach of 83,000 customer records from The Co-operative Group.
The data was related to planning products offered by the Life Planning division of the Co-Operative and an error at a third party support services provider for its life planning and wills and funeral planning division has been blamed for the breach.
According to Money Marketing magazine, a file containing customer information appeared embedded within an internet search. The data has been classed as ‘non-sensitive' under the Data Protection Act and Co-operative Life Planning has chosen not to name the third party involved.
A spokesman for Co-operative Life Planning, said: “As a result of an error at a company which provides technical support services to Co-operative Life Planning, the security of some data was lowered. A full investigation into how the issue occurred is under way.
“The Information Commissioner's Office has been notified. We take our responsibilities to our customers extremely seriously and we have written to all the approximately 83,000 customers affected.”
Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “After a similar situation affected Play.com last week, the Co-operative Group security breach is further proof of the way that third parties can expose organisations to online threats. If these service providers are going to have access to data, then it is essential they are subject to at least the same level of security as the company procuring their services.
“The Co-operative Group has stated that the data in question is non-sensitive, but I'm not so sure its customers will see things that way. A survey conducted by OnePoll in November 2010 found that 17 per cent of customers would definitely not have anything more to do with the guilty party.”
Nigel Hawthorn, EMEA VP of marketing at Blue Coat, said: “These announcements seem to now be daily occurrences, but this is just the tip of the iceberg as it is only those companies who know that they have lost data and then ‘come clean' about the problem with their customers that we hear about.
“We need to have a disclosure law where every organisation that loses UK data has to inform their customers, and the government, so that data loss is taken more seriously.”