14 DAY TRIAL // Late last week Santander's UK branch announced a data breach incident which involved the bank statements of 22,600 customers being sent to the wrong recipients.
Santander is the brand under which Abbey, Alliance & Leicester and Bradford & Bingley operate in the UK since their takeover by Spanish financial giant Grupo Santander.
According to a bank spokesperson, the incident was the result of a printing equipment error at a third-party company paid to send out the statements.
"With the bank statement, the first page contains the name and address, the account number and sort code. This was correct," a Santander spokesperson told eWEEK.
"However the problem happened on page two and onwards, which included information of other customers, including their names, account numbers and transaction history," they explained.
The bank will send out corrected statements and will notify all affected customers about the potential privacy breach, but stresses that the risk of fraud is very small.
The organization has alerted the Financial Services Authority (FSA) and the Information Commissioner's Office (ICO) also launched its own probe into the incident.
"We have recently been informed of a data breach involving Santander. We will be making enquiries into the circumstances of the apparent breach of the Data Protection Act before deciding what action, if any, needs to be taken," the ICO confirmed.
"Under the Data Protection Act, organisations that process personal information have an obligation to keep it secure; therefore, it is a matter of concern if information such as account details have been incorrectly provided to the wrong recipient," it added.
The Information Commissioner's Office can issue fines of up to £500,000 for violations of the Data Protection Act. In November it fined Hertfordshire County Council with £100,000 after its employees faxed sensitive legal documents to the wrong recipient.
Luckily for Santander, the printing equipment is reset after producing 35,000 statements. This prevented the same error from occurring on the 150,000 statements printed afterward.