About
Subscribe

Nedbank glitch exposes database

Johannesburg, 08 Oct 2009

A glitch in Nedbank's internal database has resulted in about 12 000 of the big four 's client details being freely available on the .

A Google search by one of its clients of his cellphone number unearthed the fact that a spreadsheet database of the bank's internal survey list was available online.

ITWeb contacted a few of the affected people, who are Nedbank customers, and some expressed outrage that their details were freely available. One client was irate, and says he will take the matter further with the bank.

Two others say, while personal details are available to direct marketing companies, they were not pleased with the breach in the bank's information.

One says he doesn't remember taking part in a survey, but was not too concerned that his e-mail and cellphone number were available. “A bank account number would be something else,” he says.

Errant link

Spokesperson Kerri Savin says the “errant link” had been reported to the bank and was deactivated immediately.

“The link accessed a staging platform that should not have been accessible by the public. The information contained on the file was very old [from 2005] and was not sensitive financial information.”

She says access to this staging platform can in no way endanger the bank's secure systems or confidential client information. However, measures have been put in place to ensure this will not be possible again.

Steven Ambrose, MD of World Wide Worx , says banks do have a duty to protect personal information. Even if the link is removed, he says it could still be available as it was on the Internet and would have been cached somewhere. “Deleting the file does not delete. People have no clue how powerful, how pervasive and how extensive the Internet is.”

Share