Home News News Item
 

Cahoot Hit By Web Security Scare

November 2004

A security loophole at internet bank Cahoot briefly allowed customers to access other people's accounts, a BBC investigation has revealed.

The website, run by Abbey bank, was closed down for 10 hours to carry out urgent repairs.

The site has now reopened and the bank says the problem, which was caused by a system upgrade, has been fixed.

Cahoot apologised for the breach, but said hackers would not have been able to move money between accounts.

The investigation, by BBC Breakfast, followed a tip-off from a viewer, who found he could access the site with only a user name.

Tim Sawyer, head of Cahoot bank, said it needed to learn lessons from the security breach, which he said had been caused during a system upgrade.

"I believe that we need to look closely at our processes because this has not been our greatest moment," Mr Sawyer said.

"We did not fail as an organisation because there was no risk of financial loss, but we do need to learn lessons from this."

Cahoot is likely to face an investigation from the Information Commissioner's Office, the organisation that oversees data protection.

A spokesman for the Information Commissioner told BBC News that by allowing customers to view other people's financial details, Cahoot had breached the Data Protection Act,

It could not confirm if it had received complaints from any banking customers, but said it would investigate if customers did complain.

"I'm sure people will get in touch and we would look into it to ensure it did not happen again," a spokesman said.

Source...

News Headlines