Tens of thousands of Santander customers whose bank statements were sent to the wrong address will be entitled to up to £100 in compensation each.
This means the bank could face a redress bill of over £2 million, in addition to a potential multi-million pound fine by the authorities following the apparent Data Protection Act breach, first revealed by MoneySavingExpert.com yesterday.
The news comes as the bank has now discovered the true extent of its blunder that means victims stand a greater chance of getting hit by fraudsters.
Investigations this afternoon have shown 22,640 statements were sent to the wrong people. Yesterday, the bank estimated the number was up to 35,000 (see the Best Bank Accounts guide).
Santander is sending letters by first class post today to all those whose sensitive personal data was disclosed to third parties, which should arrive after the long Christmas weekend.
How to claim compensation
Anyone who receives a letter should call the number listed to contact a specialist complaints team handling the mess.
Only those whose statements were printed on 18 December are affected.
A bank spokesman confirmed it will offer compensation of between £25 and £100 each plus money back from any fraudulent transactions.
It is unclear how Santander will determine which customers receive the full £100. The spokesman says "redress will be determined on a case by case basis".
If you're affected, it is wise to argue your cause as strongly as possible and threaten to leave to get the full £100 as agents will have discretion.
Santander will also place tighter fraud checks on victims' accounts for the next few months. Those affected should also keep an eye out for any fraudulent transactions on their statements.
How did the blunder happen?
Santander says a glitch with one of its printers led to the error where some customers were sent part of other current account holders' statements with their paperwork.
This meant they could see other people's name, account number, sort code and recent transactions.
Both the City regulator, the Financial Services Authority (FSA), and data protection regulator, the Information Commissioner's Office, are investigating the matter.
The FSA has previously handed out fines of over £3 million for data leaks.
Further reading/Key links