Nationwide customers should watch out for spam messages, after email addresses were revealed in a monthly newsletter sent by the building society to some of its members.

Key Points

  • Nationwide blunder reveals email addresses
  • One customer saw a dozen different addresses
  • Building society says technical error now fixed

When customers clicked a link to enter a competition in Nationwide's February newsletter, they were taken to a page which asked them to check their email address against the one shown on screen. Yet other people's email addresses have appeared in that box.

Nationwide admits a technical issue affected a test version of its newsletter sent to a "small number" of customers, but says this was fixed after we alerted it late last week.

However, the building society won't confirm how many people received the gaffe-riden email, how long the problem lasted for and whether the email addresses revealed were those of other Nationwide customers, although they presumably were.

Wrong email was first alerted of the issue by Nationwide customer Graham, from Gloucestershire (we've withheld his full details).

On reading the newsletter sent to his wife — also a Nationwide customer — he found that when clicking the 'register now' link to enter a competition to win a West End experience, he landed on a page asking him to confirm his email address.

But instead of seeing his wife's address, someone else's was on screen.

Over the course of a day, he told us he saw around a dozen different email addresses that had nothing to do with him or his wife. news editor Guy Anker says: "Banks and building societies are institutions that must keep your personal details safe, given the highly sensitive nature of data.

"This is not the most serious breach we have seen but it is nevertheless worrying.

"This incident reinforces the much-touted advice that if you receive any suspicious emails, you should not open them or click any attachments. Just delete them."

Spam risk

The danger from revealing email addresses is nowhere near as severe as it is with other personal data such as names, addresses, dates of birth or bank/credit card numbers.

However, it can expose victims to spam emails, whether for sales or fraud purposes, or emails can be used by hackers to plant viruses.

Also, ensure your computer is adequately protected with antivirus software (see the Free Antivirus Software guide).

Banking blunders

Nationwide's gaffe is the latest in a spate of instances where banks and building societies have mistakenly revealed customer details.

In 2007, the Financial Services Authority (FSA) fined Nationwide £980,000 for failing to have adequate procedures in place to protect customer data. This followed the theft of a laptop, which contained confidential customer information, from a Nationwide employee's home.

Three years later, Santander sent 22,640 customers' bank statements to the wrong addresses (see the Santander statement leak MSE News story).

It's not just banks that mess up. Last year hotel booking site admitted a technical glitch had caused customer email addresses to be exposed (see the glitch MSE News story).

A Nationwide spokesman says: "There was a technical issue affecting a test email for our newsletter sent to a small number of our members.

"A handful of customers have contacted us to report they were affected by the issue, which resulted in them seeing another person's email address instead of the one they have registered with us.

"We are very sorry if this has confused or inconvenienced the people who received the email."