Presumably Rabo have a centralised customer email system based in their Dutch HQ, which also handles email for Ireland and New Zealand. It's very unlikely that customer email addresses were exported to New Zealand. If anyone wants a third party to investigate, they could ask the Irish Data Protection Commissioner, since the data was acquired in Ireland. But I think that would be making a mountain out of a molehill. Rabo made a mistake, and computers make it easy to duplicate small mistakes thousands of times. That's all.