An unsettling investigation reveals how easy and cheap it is for scammers and nuisance callers to get hold of your personal and financial details.
A private investigation by consumer group Which? has found that people’s sensitive personal and financial data is being sold for as little as 4p.
The group probed 14 data-collecting companies by posing as a fake firm contacting people about early pension releases - a common pension scam.
The researchers were able to buy information from 10 of the companies that they contacted, but rest assured, they didn’t actually go and buy it.
Have a read over your credit report if you suspect you've fallen victim to a scammer
What did they find?
Many examples of irresponsible behaviour were uncovered.
Several of these companies were willing to give information for over half a million people aged 50+ like salary, homes and jobs. Some of these include:
- An invoice issued by one company for nearly 500,000 pieces of personal information at just 4p each with a household income of £40,000+ including phone number and address
- Another firm issued an invoice for 2,200 names and numbers of people with a household income of £35,000+ at 66p per item
- One company sent a sample telephone list on which 13 out of 18 people were registered with the Telephone Preference Service (TPS) – the central opt-out register where people can record their preference not to receive unsolicited marketing calls
- Another company issued an invoice containing bank details for 5,000 records at 24p per item with assurances that the data would be sent as soon as payment was made.
Personal information can end up in the hands of list brokers if people have entered an online competition or answered a lifestyle survey.
Did they realise that Which’s company was fake?
Only four of the companies refused to deal with Which?'s fake pensions company. The other 10 failed to make basic checks right up until the point of sale.
Anybody could have done some basic research to check the company’s validity for themselves.
It didn't appear on the Companies House website nor was it FCA regulated, despite the fact that it offered financial advice. It wasn't registered with the Information Commissioner’s Office (ICO) either.
When the watchdog contacted these companies after its investigation, many tried to defend themselves by saying that they 'should’ve done more checks' before sharing the data.
The company that shared sample data admitted that ‘it did not do the necessary checks on this occasion’.
Even more worryingly, one of the companies wasn’t even registered with the ICO at the time of the investigation which is a criminal offence. It later admitted to an ‘administrative oversight’ which delayed registration renewal by 23 days.
Many of the companies were in breach of guidance on how much consent people need to give to have their details shared. For valid consent ‘knowingly and clearly given, clear and specific’.
Some were using such vague consent that it wouldn’t pass the ICO standard.
Which? presented its findings to the ICO after the investigation. The ICO found the research ‘concerning’.
Find more tips over at Cold calls: how to stop nuisance phone calls.
Have a read over your credit report if you suspect you've fallen victim to a scammer
Watch out for these:
Gmail scam even the experts are falling for - how to stay safe
The 25 worst passwords - and how to make yours uncrackable