Indian Call Centre Worker Sells Customer Details

lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."

Indian press

[anandpur]

This story is all over in Indian press.
http://us.rediff.com/money/2005/jun/23bpo.htm [rediff.com]
http://www.hindustantimes.com/news/181_1408799,001 300460000.htm [hindustantimes.com]
http://timesofindia.indiatimes.com/articleshow/115 0344.cms [indiatimes.com]
http://timesofindia.indiatimes.com/articleshow/115 0670.cms [indiatimes.com]
http://www.expressindia.com/fullstory.php?newsid=4 9334 [expressindia.com]

Re:even worse

[johansalk]

Here... I found it

"SF Gate www.sfgate.com A tough lesson on medical privacy Pakistani transcriber threatens UCSF over back pay - David Lazarus Wednesday, October 22, 2003 "Your patient records are out in the open... so you better track that person and make him pay my dues." A woman in Pakistan doing cut-rate clerical work for UCSF Medical Center threatened to post patients' confidential files on the Internet unless she was paid more money.To show she was serious, the woman sent UCSF an e-mail earlier this month with actual patients' records attached. The violation of medical privacy - apparently the first of its kind - highlights the danger of "offshoring" work that involves sensitive materials, an increasing trend among budget-conscious U.S. companies and institutions. U.S. laws maintain strict standards to protect patients' medical data. But those laws are virtually unenforceable overseas, where much of the labor- intensive transcribing of dictated medical notes to written form is being exported. "This was an egregious breach," said Tomi Ryba, chief operating officer of UCSF Medical Center. "We took this very, very seriously." She stressed that the renowned San Francisco facility is not alone in facing the risk of patients' confidential information being used as leverage by unscrupulous members of the increasingly global health-care industry. "This is an issue that affects the entire industry and the entire nation," Ryba said. Nearly all Bay Area hospitals contract with outside firms to handle at least a portion of their voluminous medical-transcription workload. Those firms in turn frequently subcontract with other companies. In the case of the threat to release UCSF patient records online, a chain of three different subcontractors was used. UCSF and its original contractor, Sausalito's Transcription Stat, say they had no knowledge that the work eventually would find its way abroad. The Pakistani woman's threat was withdrawn only after she received hundreds of dollars from another person indirectly caught up in the extortion attempt. The $20 billion medical-transcription business handles dictation from doctors relating to all aspects of the health-care process, from routine exams to surgical procedures. Patients' full medical histories often are included in transcribed reports. While it's impossible to know for sure how much of the work is heading overseas, the American Association for Medical Transcription, an industry group, estimates that about 10 percent of all U.S. medical transcription is being done abroad. For two decades, UCSF has outsourced a portion of its transcription work to Transcription Stat. Kim Kaneko, the owner of the Sausalito firm, said she maintains a network of 15 subcontractors throughout the country to handle the "hundreds of files a day" received by her office. One of those subcontractors is a Florida woman named Sonya Newburn, whom Kaneko said she'd been using steadily for about a year and a half. Kaneko knew that Newburn herself used subcontractors but assumed that was as far as it went. What Kaneko said she didn't know is that one of Newburn's transcribers, a Texas man named Tom Spires, had his own network of subcontractors. One of these, apparently, was a Pakistani woman named Lubna Baloch. On Oct. 7, UCSF officials received an e-mail from Baloch, who described herself as "a medical doctor by profession." She said Spires owed her money and had cut off all communication. Baloch demanded that UCSF find Spires and remedy the situation. She wrote: "Your patient records are out in the open to be exposed, so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet." Actual files containing dictation from UCSF doctors were attached to the e- mail. The files reportedly involved two patients. "I can't believe this happened," Kaneko said. "We've been working for UC for 20 years, and nothing like this has ever happened before." The files i

Re:Why hello there Mr. McCarthy!

[kgruscho]

I used to work at a homeless shelter (in the US), a lot of the guys would get jobs at call-centers. Almost all of them tried to pull something like that. That said, nobody I ever met would have pulled over 100...

Re:Lowest bidder indeed

[Anonymous Coward]

pathetic fallacy [reference.com] n.

The attribution of human emotions or characteristics to inanimate objects or to nature; for example, angry clouds; a cruel wind.

So, are you saying that call centre people are inanimate objects?

Gimme a break

[Yankel]

This is only making news because it's an offshore company for a Western financial institution. Maybe because companies are now supposed to tell their clients when their personal information has been compromised (which has *never* happened in house, right?).

Is it that the low-paid workers are more likely to steal, or, that these offshore companies just have less security, and a less-thorough recruitment process? Problem that domestic businesses deal with as well.

Enron and Parmalat have shown us that no matter where you are on the corporate ladder, there are rotten branches on the tree.

Re:Lowest bidder indeed

[tomstdenis]

That's the dumbest thing I've ever read. Fraud is illegal in India [many codes]. In particular [IANAIL but...] section 423 of the Indian Penal code seems to deal with this. It's two years in prison. ;-)

Use a google search engine next time.

Tom

Re:Lowest bidder indeed

[tomstdenis]

Liability law.

If Dell outsources to India and you get rammed you sue Dell USA not Dell India. Since it's Dell USA that sends the data out they're responsible for what others do with it.

[I'm using Dell here as an example company, obviously this applies to any other outsourcing company].

On top of that fraud is well covered by the Indian penal code so their actions are not going to be "totally unnoticed".

Tom

Re:The problem with concentration

[justforaday]

Don't forget about the days of carbon copies for credit card receipts. Way back when, they used to make an imprint of your credit card onto several sheets of paper which had sheets of carbon paper between them. This was your receipt, which they had you sign. After the imprint/signature was done, they would then pull out the 2 or 3 carbon sheets and toss em in the trash (remember that this now has a full imprint of your card plus your signature). A good clerk would tear up the carbon paper in front of you (which quickly gets pretty messy) or offer you the carbon copies so you could destroy them yourself. But more often than not, they would just end up totally whole in the trashcan, which would then end up out in the dumpster out back. Thankfully it's almost all done electronically now, so you're not quite so reliant on the competence of the clerk...

DPA (1998) Breach

[SkiifGeek]

I was waiting for this response.

I think that the Data Protection Act is a wonderful idea, along with all the other privacy related laws that the EU and the US have implemented.

Unfortunately, they all suffer the same weakness - people. No matter how well written the laws become, there will always be someone who has access to valuable information who is willing to sell / destroy / manipulate it for profit.

I think that, in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach. I also think that there needs to be a greater push made for systems and software that minimises the risk of damage that any one person can make when it deals with information related to these Acts - perhaps a real, useful ISO standard or somesuch (as opposed to ISO 9000 / CMM - where our processes are bad, but they are well documented and traceable).

Re:To be fair, it's a western problem too

[robertjw]

Call center employees in the US and Europe don't pull what you'd call high salaries either.

That's true, but offshore call centers make less - they have to, companies wouldn't be outsourcing to them. One of the big problems is, due to exchange rates and costs (the same reason work is outsourced there), it's much cheaper to purchase this type of information from a employee in India.

Think about it, if I read the article right, this guy sold 1000 names for about $8000. That might be his whole annual wage. If someone came to me, as a IT professional in the US and offered me $8000 to sell private corporate information, I would laugh at him. Now if someone came and offered my whole annual salary, I could be tempted. Thing is, private information on 1000 people probably wouldn't be worth my annual salary, or even the annual salary of a call center worker.

Bottom line is you can always find someone that will steal information for you for a price. Outsourcing to India, China or Russia just lowers the price of the information you want.

Re:Well

[jskiff]

Halliburton, Enron, Aldelphia, AOL Time Warner, Arthur Andersen... All these scandals were pulled off not by disgruntled underpaid employees, but by high-paid execs.

One of these kids is not like the other. Arthur Anderson's conviction was overturned by the Supreme Court. [cnn.com]

Re:Well

[qazwsxqazwsx90]

There is not just the expectation that tips will make a difference. It is required that they earn the regular minimum wage of $5.15/hr after tips or the employer must make up the difference.