Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Weird banking error and possible GDPR breach?

Options
  • 28-01-2023 4:30pm
    #1
    Registered Users Posts: 108 ✭✭


    Hi, any help or comment on the above would really be great. So to cut a long story short, My dad went into the bank to withdraw money/ set up a bank draft. However, due to an error (the bank have yet to explain how this happened) my dad was able to access my personal account, and withdraw a large some of money from it. Now, this is where the story gets weird, he thought he was taking it out of his account, he and I have the same name. Being elderly he had very few details on him going into the bank, the cashier trying to be helpful was able to access my personal and savings account, then set up the draft, the money was taken and off my dad went. However, my dad noticed an error on the draft (made out to wrong person) and returned to the bank later to fix the error on the draft. In short, my account was accessed again.

    This happened a few weeks ago and the error was only spotted by me now, when I noticed the large some of money missing. In the meantime I happened to be speaking with my dad and he noticed the sum of money being the same as what he had withdrawn a few weeks earlier. Sure enough, he had his draft reciept and guess what, it was my IBAN written on it.

    So my question is, does this constitute a breach of my personal data? The details of my account were discussed by the casheir and my dad, including amounts of money in the account, etc. The bank have been very slow to respond and have stated it was just a simple error on the bank cashiers part.



«134

Comments

  • Registered Users Posts: 253 ✭✭phildub


    It was just a simple error in the cashiers part, but also a massive gdpr breach! They should have contacted you to inform you of the breach.



  • Registered Users Posts: 108 ✭✭MicK10rt


    No such contact, I had to discover the breach myself and I also had to do the investiagtion work so to speak. I was able to identify what happened mych quicker than they could. I have spoken with the branch, they seemed to suggest it wasnt much of an issue. In fact it was a strange phone conversation (something along the lines of, sher the casheir is very upset blah blah and sher its all fine now). Very strange call and shying away from any question related to my IBAN being shared.



  • Registered Users Posts: 8,051 ✭✭✭joeguevara


    But they are not aware of the breach. A person with the name (for example) John Smith with an address of xyz street withdrew money from account John Smith at xyz street. The account details on the draft were the same as the account withdrawn.

    They become aware when the correct account holder informs of missing money. Have they been informed?


    there definitely has been a breach but more likely a security breach rather than gdpr. I’m not sure if it’s gdpr without knowing what information was disclosed to the father such as amount in account, payments, direct debits etc.

    sharing iban is not a data protection breach as it wouldn’t give access to personal information without a PIN number. Hopefully gets sorted and controls put in place to ensure that this doesn’t happen to you or other customers again,



  • Registered Users Posts: 108 ✭✭MicK10rt


    That's just it, amounts in account was shared, we don't know what else was shared with dad. We can't even be sure it is the first time! It was a joint account and my partner is very upset that my dad now knows how much we had in it. I asked about GDPR as I'm not well up on it but would like to know if people think it is. As far as the bank goes, I've lost faith in their ability to keep my money safe so have started the process of moving banks. I'm also not convinced that this is the first instance of this on a wider scale. They suggested it was the first they had ever heard of it. Hmm



  • Registered Users Posts: 25,838 ✭✭✭✭Mrs OBumble


    How did your father know it was your account that was discussed with him?



  • Advertisement
  • Registered Users Posts: 108 ✭✭MicK10rt


    I have two accounts, one with money and one without, he was told the amounts in both and having spoken with my father I was able to verify this to be the case. At no point did they access his account



  • Registered Users Posts: 8,051 ✭✭✭joeguevara


    Why were you talking to your father about amounts missing from your account if you don’t want to talk to your father about amounts in your account, and how does your father remember if amount totals were mentioned to him when his memory of being in the bank are sketchy.


    anyway focus on money missing from your account rather than data protection. Say you want it reversed with interest as it wasn’t you who withdrew it.



  • Registered Users Posts: 1,387 ✭✭✭Lenar3556


    Sounds like a simple mistake made by the cashier whilst trying to assist your dad in carrying out his business.

    Presumably the funds which were debited in error have now been returned to your account?

    I’d leave it at that. I’m not particularly convinced from your summation that there was any data breach. There was a security failure within the bank for which they would be liable. It appears you have suffered no loss.



  • Registered Users Posts: 620 ✭✭✭Duvet Day


    If they discussed the account balances with your dad then he should have known immediately that it wasn't his account unless you both have the exact same balance which is very unlikely?



  • Registered Users Posts: 13,131 ✭✭✭✭Purple Mountain


    Did he not need to put in his card into the debit machine at the counter and enter his pin?

    This is the normal practice in a branch for withdrawals at the counter.

    To thine own self be true



  • Advertisement
  • Registered Users Posts: 25,838 ✭✭✭✭Mrs OBumble


    Sure - but how does he know those were the amounts in YOUR account, as opposed to Joe Soaps' account?

    I agree it's a security breach. He should not have accesses to any account other than his own. Not sure re privacy issues though.



  • Registered Users Posts: 1,336 ✭✭✭RetroEncabulator


    That’s rather sloppy security breach. I’d start by reporting it to the bank. It sounds like they’re completely unaware of it. The cashier is not supposed to process a transaction like that without ID. The bank itself would have very tight protocols and procedures in place.

    Giving out account information is a data protection issue too.



  • Registered Users Posts: 3,636 ✭✭✭dotsman


    OP, do you live at the same address as your father? If not, did you confirm your change of address with your bank whenever you first moved out (assuming you lived at your father's address at some stage)?



  • Registered Users Posts: 9,277 ✭✭✭markpb


    OP said their father has the same name so ID, if it was used, wouldn’t have avoided this problem. You’d imagine the account search would have given the cashier two possible accounts and they’d need something else like DoB (if it’s available to them) to confirm the right one.



  • Registered Users Posts: 108 ✭✭MicK10rt


    Let me clarify, I don't particularly care if he knows, it's my partner, remember half of it is hers. She has a huge problem, so that's one issue. My dad doesn't even know how much is in his own account so when they discussed the amount it didn't ring alarm bells.

    I'm disappointed by the breech, I'm also concerned by the bank's response. Just a minor mishap. Others could have been effected. I'm sure it's not a one off occurrence.



  • Registered Users Posts: 2,116 ✭✭✭Ger Roe


    This is the procedure to follow, if you have a complaint to raise against a financial institution.

    State your case and concerns, and let them investigate and come to a conclusion.



  • Registered Users Posts: 4,229 ✭✭✭blackbox


    Did your father have your bank card?



  • Registered Users Posts: 6,521 ✭✭✭The Continental Op


    I would expect some small amount of compensation from the bank (nothing huge) as a gesture of goodwill and admission of them getting it wrong.

    Unfortunately the training of bank staff seems to be woeful. I know from personal experience with my own bank BoI if its not a simple answer they don't know and even then they may get it wrong.

    In the last three years I've had three issues with UK banking institutions and got compensation after making a formal complaint each time. If it doesn't get investigated it will never be flagged for better training or policy change. No I don't go looking for compensation I'd prefer it if the banks got it right first time.

    Wake me up when it's all over.



  • Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 6,749 Mod ✭✭✭✭HildaOgdenx


    If your partner's name is on the account, the cashier should have noticed or asked your dad if it is a joint account. I presume your dad would have known then that it wasn't his account.

    Have a look at the complaint procedures posted above and put in a complaint, in writing, to your bank. If nothing else, it might prevent this happening again. I know you have mentioned moving your accounts anyway so I presume there won't be any more mixups, for you.

    Get your dad to take out bank statements - I presume he has some - and tell him to bring one with him or even just the part where the account details are shown, in future.



  • Registered Users Posts: 108 ✭✭MicK10rt


    No he did not. He didn't have anything belonging to me. Bank cashier didn't follow procedure.



  • Advertisement
  • Registered Users Posts: 8,051 ✭✭✭joeguevara


    What do you want to happen? People will be able to advise based on that.



  • Registered Users Posts: 45 Helgagirl


    Not quite the same experience, but myself and partner have separate bank accounts, opened with same bank but different branches. The only connection between our accounts would be same address, and also as my partner doesn't use email, same email address. I had rung about a problem I had accessing my account online, and I was being sent a text message with a code. I received no text message, but my partner got one from the bank on his phone. This happened twice over two days of phone calls so seems unlikely to have been a coincidence, but I was told by the bank that it wouldn't happen. Add to this that instead of telling me that they were finished for the day, they just hung up on me before the problem was sorted, which is why I say phone calls over two days.



  • Registered Users Posts: 2,645 ✭✭✭endofrainbow


    Something similar happened to me pre GDPR. I was given someone else's balance details (same name ).


    After a very strongly worded letter to said Building society, I received a bouquet of flowers and a bottle of champagne to my home address.


    Closed my account a week later as I didn't have trust in their privacy procedures.


    An overzealous undertrained 'yellow pack'. Horrible when it happens to you.



  • Registered Users Posts: 1,297 ✭✭✭Count Dracula


    I don't believe a few things.

    1) The bank permitted a withdrawal from one of their accounts by anyone not in possession of the account bank card.

    2) Your Dad never mentioned the phuck up in the first place. It somehow took you weeks to cop what happened, despite your Dad copping it after the fact.

    It is not a GDPR issue because it is unlikely to have ever happened.

    This is fairly convenient for your scenario.

    Internal banking procedures are not relevant to you. The bank has a duty of care to secure your money safely. Handing money over to a non-account holder is not only a breach of duty ( negligence ), but is a criminal offense in this scenario.



  • Registered Users Posts: 10,786 ✭✭✭✭martingriff


    Would have believed if it was not the flowers and champagne unless you are a Manager of a very well to do company and I mean very well to do



  • Registered Users Posts: 6,613 ✭✭✭Allinall


    How do you reckon it’s a criminal offence?

    What specific law was broken?



  • Registered Users Posts: 2,645 ✭✭✭endofrainbow


    Believe what you want. They were accompanied with a most grovelling apology.



  • Registered Users Posts: 1,297 ✭✭✭Count Dracula




  • Registered Users Posts: 13,131 ✭✭✭✭Purple Mountain


    To thine own self be true



  • Advertisement
  • Registered Users Posts: 1,336 ✭✭✭RetroEncabulator


    The most embarrassing one ever was when I was in college, and this was quite a few years pre GDPR but not in medieval times either.

    I had a long standing bank account in one of the banks, but it wasn’t my main one and it had gone overdrawn by a small amount - empty account and they withdrew fees.

    I’d opened a new account with the college branch that was doing some crappy promo offer.

    My mam happened to be in the branch one day & the manager mentioned it to her and asked if she’d like to lodge some cash to clear the outstanding balance!! It was intended to avoid some kind of unauthorised overdraft fee but it caused a row!

    My mam assumed I’d blown my entire borrowed budget, which they’d helped out with, on some wild party or something and I got a very awkward phone call and panicked voicemail about what the feck I was spending my money on …

    I was over 18 and it was none of anyone else’s business. I’ve never banked with that organisation again.



Advertisement