Data watchdog advised RBS on historic data breach affecting NatWest customers
The Information Commissioner’s Office (ICO) has provided advice to Royal Bank of Scotland in relation to a historic data breach affecting over 1,600 NatWest customers, according to reports.
The data breach, which relates to files left in a former NatWest employee’s home for over a decade after she left the bank, has not been disclosed to customers but was reported by The Times this morning.
The former bank worker was sacked in June 2009 but continues to possess personal information believed to include account and sort codes, credit card details, account histories, addresses and phone numbers, among other information.
RBS was not required to disclose the breach as it predates the GDPR and its mandatory reporting requirement.
According to The Times, talks between the bank worker and RBS on the return of the data have stalled over a number of issues, including her desire to make copies and submit them to the ICO and Financial Conduct Authority (FCA).
She said: “I still hope to find a way forward with RBS to return the data in a secure manner.”
The ICO, which was alerted to the situation by the former employee, said it had advised on the situation and added: “We are satisfied that the potential risk posed to individuals does not warrant further action, despite there being a change in the law (GDPR) since that time.”