BOI Data Breach

Warrior2

New Member
Messages
8
Hi,

Fist time posting, I have all my bank accounts with BOI, recently they allowed another random individual with the same name, access to my online banking and I received access to his accounts.

I transferred a sum of money from his account to one of my accounts which I informed the bank immediately. The other individual had access to all my accounts including a current, credit card, loan and savings.

The bank have offered 500e compensation, which my solicitor says is not near enough for the seriousness of the breach.

Can anyone offer any advice?

Thanks
 

Brendan Burgess

Founder
Messages
38,125
In what way did you lose out?

Have you lost any money?

It seems to me to be annoying.

I would not like AIB to give details of my online accounts to anyone, but it would hardly be earth shattering if they did.

Brendan
 

Warrior2

New Member
Messages
8
They suspended access to my bank account for three weeks and my DD’s bounced and I almost didn’t make my mortgage payment to another bank. Plus all my transactions were given to the other individual.
 

Brendan Burgess

Founder
Messages
38,125
Ah, that is much more serious and disruptive than just giving someone information about your account.

Make sure to check your record with the Central Credit REgister to make sure your credit record is clean.

You don't need a solicitor by the way. The Ombudsman is great for cases like this. They are quicker and free. And because they name and shame BoI will be anxious to settle it fairly.

Brendan
 

DeeKie

Frequent Poster
Messages
394
Also raise data protection law issues with them. It sounds like a serious breach.
 

NoRegretsCoyote

Frequent Poster
Messages
782
Hi,

Fist time posting, I have all my bank accounts with BOI, recently they allowed another random individual with the same name, access to my online banking and I received access to his accounts.
How did this happen? Did you log in to your own account and find you could click to access the other person's accounts?

Why did they suspend access to your accounts?
 

Peanuts20

Registered User
Messages
102
Firstly you should make a formal complaint in writing through the banks complaint process. On your complaint point out that your credit rating may have been damaged as a result of the DD's bouncing in error. Ask for a formal explanation in writing as to why this has happened, ask them to write to everyone who had a DD bounced explaining that this was down to a banking error. Do a credit ref check. Threaten then with a complaint to the DPC unless suitable compensation and response is received back within a specific timeframe (otherwise bank will drag this out).

Manure happens but it's how the bank responds to it that seperates good banks from the bad. €500 is not enough in my view.
 

RedOnion

Frequent Poster
Messages
3,271
Threaten then with a complaint to the DPC unless
Why "threaten"?
This is a reportable incident, so the bank should have already reported this.
Either contact the DPC or don't, but a threat is a waste of breath.
 

Warrior2

New Member
Messages
8
Hi All,

Yes I already reported this to the DPC, I am waiting to see what the results are.

For the above, yes when I logged into my online banking, the other persons account appeared and it let me transfer money from their account to mine.
 

DeeKie

Frequent Poster
Messages
394
Hi All,

Yes I already reported this to the DPC, I am waiting to see what the results are.

For the above, yes when I logged into my online banking, the other persons account appeared and it let me transfer money from their account to mine.
Good. Tell the bank you reported and that their figure is too small.
 

Warrior2

New Member
Messages
8
Any idea what would be an appropriate amount? Considering they disclosed my personal loan of 23K
 

DeeKie

Frequent Poster
Messages
394
Hard to know. You can claim for non-material loss now under data protection laws but there are no reported cases yet setting damages levels. I’d consider trying for €5000, but have no idea.
 

NoRegretsCoyote

Frequent Poster
Messages
782
But seriously, one random person knows you have a bank loan. How much damage does this cause you?

The principle is important, but the Bank didn't disseminate it widely.
 

RichInSpirit

Frequent Poster
Messages
813
As a fellow BOI customer I'm curious how they mixed up the accounts.
Do both account holders have the same name or surname or something similar.
I once got another customers bank statements and I suspect they got mine. We didn't have the same name. I suspect it was a malfunctioning envelope stuffing machine.
About 20 years ago though.
I got no thanks or even acknowledgement or God forbid compensation. :)
I say take the €500.
 

Warrior2

New Member
Messages
8
After a few solicitor letters, the bank have replied with a substantially bigger offer, However, this does not even cover the interest on the loan I have with BOI. Advice please? My solicitor is recommending court action as the amount of compensation should cover the legal fees and interest and the compensation that they have already offered. Both account holders have the same name.
 

TLO

Frequent Poster
Messages
234
Hard to know. You can claim for non-material loss now under data protection laws but there are no reported cases yet setting damages levels. I’d consider trying for €5000, but have no idea.
This is the problem. There is no case law to provide guidance as to the amount of compensation that should be paid. GDPR suggests that the Data Protection Commissioner could look for fines of "€10M or 2% of global turnover, which ever is greater" for "less serious breaches". And this is a serious breach. OP's solicitor is best placed to advise. Having said that, compensation in the low six figures may be appropriate given:

1) seriousness of the breach.
2) the new GDPR environment in which banks, and the rest of us, operate.
3) the possibility of systemic failings within BOI in relation to "data protection by design".

Ultimately, it will be up to the courts to decide on compensation. I suspect that if the OP were to instruct his/her solicitor to issue proceedings then BOI will fold before this gets publicly aired in court. BOI will not want to be a party to the establishment of case law on this one.
 

Warrior2

New Member
Messages
8
Thanks TLO for your comments, The bank increased their compensation to a lot more than what was originally offered of 500e. However, It is still not enough to cover the loan that they provided and they disclosed. They disclosed the details of my loan to my neighbor, something I am not happy about and I have lost all trust in my bank. I think I will have to take this further and leave the sand Bank.
 
Top