Poor training to blame for success of “blagging” techniques used by PIs to acquire personal information

Unregulated private investigator firms are exploiting poorly trained employees in order to obtain highly personal and sensitive information with conspicuous ease, according to the Channel 4 programme Dispatches.

The programme revealed that a London firm of private investigators used “blagging” to extract individuals’ data, including details of their bank accounts, medical records and national insurance numbers, which it then sold on to a third party.

“Blagging” involves contacting an organisation and giving personal information on an individual (gathered from other sources such as social media, for example) in order to persuade employees to impart other, more sensitive information.

Employees caught out by the blaggers are often in breach of section 55 of the Data Protection Act, which carries a fine of up to £5,000.

Yet according to Gavin Watson, Senior Security Engineer and head of the RandomStorm Social Engineering Team, these unwitting victims are being let down by their employers.

“An individual’s private data is only as secure as the businesses that handle it. Employees of organisations that are entrusted with protecting our most sensitive data need to be made more aware of the social engineering risk and trained to thwart blaggers.”

He added that “access controls and auditing technology” alone were not sufficient, and encouraged businesses to train and provide information to their staff on how to be alert to the dangers posed by blaggers.