Santander has admitted sending up to 35,000 customers' bank statements to the wrong addresses, MoneySavingExpert.com can reveal.
The Spanish giant, which has angered account holders all year with shocking service, now risks a multi million pound fine for disclosing highly sensitive personal information to third parties, in an apparent Data Protection Act breach (see the ID Fraud and Stay Safe Online guides).
One MoneySaver from Stockport, who wishes to remain anonymous, has reported receiving part of somebody else's Santander current account statement today, printed on the back of his.
He says he could see the person's name, bank details and recent transactions (see the Best Bank Accounts guide).
The Santander customer says he immediately alerted the Information Commissioner's Office (ICO), which regulates the handling of personal data, of the gaffe.
An ICO spokesperson says: "We have recently been informed of a data loss which involves Santander. We will be making enquiries into the apparent breach of the Data Protection Act before deciding what action, if any, needs to be taken.
"Under the Act, organisations that process personal information have an obligation to keep it secure. It is a matter of concern if information such as account details have been provided to the wrong recipient.
"Banks risk losing the confidence and trust of customers if they fail to safeguard personal information."
Santander today reported its embarrassing blunder to the City regulator, the Financial Services Authority (FSA).
How did this happen?
Santander says a glitch with one of its printers led to the error where some customers were sent part of other current account holders' statements with their paperwork.
The bank is uncertain exactly how many customers are affected but says it will be no more than 35,000.
It insists not all victims will have had as much of their information disclosed as in the example above.
Martin Lewis, MoneySavingExpert.com creator, says: "Someone needs to grab hold of the reins at Santander. The bank is continually coming bottom in customer service surveys and this is yet another example why.
"The thing people need most from their bank account is trust it'll be secure – sending statements to the wrong people doesn't do that.
"The time when it could blame takeover teething troubles is long gone [it is largely the amalgamation of Abbey, Alliance & Leicester and Bradford & Bingley]. It needs to sort this or customers will migrate quicker than a parrot seeing the snow."
What punishment could Santander face?
The FSA has previously taken a tough line on the loss of personal data, however it is unclear at this stage how it will handle the matter. It says it cannot comment on individual cases.
Insurer Zurich was fined £2.28 million by the FSA in August for losing 46,000 policyholders' personal details.
Meanwhile, HSBC was fined £3 million last year after it lost a disk containing the details of 180,000 policyholders.
The ICO fined Hertfordshire County Council £100,000 in November after employees faxed highly sensitive personal information to the wrong recipients. This was the first time it fined a firm for a Data Protection Act breach.
The maximum fine it can levy is £500,000.
Santander customer? What should you do?
The bank says the glitch affected current account statements printed on 18 December so anyone with statements printed on any other date is unlikely to be affected.
But many customers on that billing cycle won't know if they have been a victim given someone else will have their details.
However, Santander has promised to write to all those affected, who should keep an eye out for any fraudulent transactions on their statements. It has also ring-fenced part of its call centre to deal with worried customer queries about the blunder.
It says it will refund any fraud victims as a result of this incident so ensure you report any suspicious activity.
A Santander spokesperson says: "Due to a technical error at our printers a number of current account statements dated 18 December have printed incorrectly.
"We are sorry for any inconvenience this has caused and have taken immediate steps to correct this. We take the security of customer and account information extremely seriously so any incident of this nature is treated with the highest priority.
"We want to reassure customers that the risk of fraud on their account has not been increased because of this error and that this is a one-off incident."
Further reading/Key links