Indian call center employees sell confidential data belonging to users for as little as $0.03, reports the Daily Mail.
According to the news outlet, reporters from The Sunday Times have gone undercover in India and have tried to discover if the information that call center employees have access to is in danger of being shared with marketers and crooks.
Unfortunately, the answer is yes, as two IT “consultants” were ready to meet and to offer for sale over 45 different sets of information on nearly 500,000 Britons.
Among the information contained in the data sets were names, addresses and phone numbers, credit and debit card information complete with the expiry dates and the three-digit security verification codes, information about loans and mortgages, mobile phone contracts, television subscriptions, medical records and more.
Most of the information comes from a number of major banks and financial organizations, and its usually less than 72 hours old, allowing its buyers to easily take advantage of it.
“These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We’ve been dealing so long we can tell the bank by just the card number,” boasted the “consultants” to the reporters, showing the records on a laptop.
The financial data is definitely a boon for cyber crooks, but the rest is a goldmine for marketers. Having that much insight into the personal lives of the users allows them or their clients to make their efforts at targeting users more successful.
According to DM, some 330,000 people are employed in call centers in India, and it’s logical to assume that these particular “consultants” are not the only ones selling. Some British companies have already closed down the call centers they had in India and transferred them to other countries, the problem is likely to remain.
As long as the theft can be executed without getting caught, there are always those who will try to get away with it, even in “rich” countries.
It seems to me that the answer to this problem to make it as difficult as possible for employees to exfiltrate the data in the first place. Data leakage prevention solutions come to mind, as well as making it impossible for them to use movable data storage devices.
It is also important to put data security policies in place, and punish those who break them. Of course, all these are not full-proof solutions by themselves, but used together they can seriously lessen the risk of data being stolen.