A Shares investigation has revealed how IG Index – part of FTSE 250 IG Group (IGG) – mistakenly released a customer’s personal details which could have been used to access their account. Shares was accidentally sent the personal details of Alexei Tarev, a City worker and customer of IG, in the form of an original Thames Water utility bill after we opened an account ourselves as part of wider research into spread betting companies. The water bill contained sufficient details to have gained access to Tarev’s account, raising question marks over IG’s security measures. Utilities bills are one of a number of forms of identification used to open spread betting accounts at IG, including bank statements.
‘The fact that a customer’s details were sent to the wrong address is quite worrying, and makes one question the whole security situation at IG,’ says Tarev. ‘I can see all sorts of things going wrong as a result of events like this, and would strongly recommend companies that store personal details of customers approach the situation with a set of more stringent internal controls.’
Roger Lawson, communications director at the UK Shareholders’ Association (UKSA), whose organisation represents the interests of private investors, was also critical. ‘This appears to show that IG Index security is somewhat lax and not up to modern standards,’ he says.
IG, having been alerted to the leak by Shares, responded by launching its own thorough investigation into its security measures. ‘Client confidentiality is of utmost importance at IG and this was an isolated incident arising from a clerical error,’ says Matthew Tooth, financial sales director of IG Group. ‘We have carried out a very thorough investigation of our procedures and are confident that we have done everything possible to ensure that this will not happen again.’
While this is likely to have been an isolated incident, it is a worrying development given the sharp rise of internet fraud and identity theft in the past few years. Recent reports suggest over 52,000 Brits were affected by cyber crime in the first nine months of 2007.
