The UK’s tax office, British Telecom and British Gas have unwittingly provided sensitive personal data to private investigators using illegal methods, according to a report penned by the Serious Organised Crime Agency.
Private investigators have been able to “blag” bank account information from British Gas, obtain details of individuals’ income and tax paid from HMRC and acquire private information from British Telecom, according to the leaked unredacted report, which was published by investigative news agency Exaro.
The 2008 Soca report was previously published with the names of the three organisations kept secret. It comes as pressure mounts on MPs to publish a separate list compiled by Soca of 102 companies and individuals who used the services of four rogue investigators, convicted last year of obtaining private data via illegal means.
The list was provided to Parliament’s Home Affairs Select Committee last week under the condition that it was kept secret. It had previously been passed to the Leveson Inquiry during its investigation into press standards and phone hacking. However, it was not reviewed as part of that process as Lord Justice Leveson did not consider that it fitted into the remit of his inquiry.
Dubbed “blue-chip hacking”, the committee is debating whether to use parliamentary privilege to reveal the companies concerned.
Keith Vaz, who chairs the committee, said he was considering whether to publish the information during parliament’s summer recess and was asking members whether they wanted him to summon the director-general of Soca to the committee at the beginning of September to discuss the list.
“It is becoming slightly farcical: we have a list of peoples’ names which everybody knows can’t be published, even though the companies are not being investigated,” he said.
Soca, in a letter to the committee, has underlined that the inclusion of individuals or companies on the list did not mean that they had committed a criminal offence.
It has since emerged that the Metropolitan Police is in possession of a second list, thought to contain a further 200 companies, which is said to include law firms, banks and pharmaceutical companies.
On Monday, Mr Vaz wrote to the heads of industry regulators, including those who oversee the pharmaceutical, legal and financial industries, to obtain clarification on what guidelines, if any, they issue to organisations on the use of private investigators.
Soca declined to comment further on the unredacted version of its report. “We don’t comment on leaked information,” a Soca spokesman said.
BT declined to comment. However, Mark Hughes, managing director of BT security, had previously disclosed as part of his testimony to the Leveson inquiry that BT had seen 19 cases of fraudsters manipulating employees to obtain personal information in six years to February 2012.
A spokesperson for HMRC said: “We take the protection of customer data extremely seriously so we constantly review our processes and procedures in light of developments in the e-security world, together with the expert technical and strategic advice we receive from our advisers and in-house teams.”
A British Gas spokesperson said: “Protecting our customers’ data is extremely important and our security processes are regularly reviewed so that we uphold the highest standards. We treat any allegations of improper access very seriously.”
Additional reporting Vanessa Houlder, Daniel Thomas and Guy Chazan
Get alerts on Leveson inquiry and phone hacking scandal when a new story is published