Skip to content

Wrong Check Images Provided to Online Customer

Answered by: 

Question: 
Is accidentally exposing the incorrect check images to customers via online banking considered a reportable event for information security and privacy purposes? I am thinking that it is, since users can save the images to their desktop or other device. The check images are not images of the online banking user's checks, but of other customers' checks that contain bank account number, name, address and a signature.
Answer: 

It would seem to me that this would be considered an information security incident with nonpublic personal financial information at least potentially disclosed to recipients to whom it should not be available. As such, you should apply the procedures in your information security incident response program (and if you don't have one, you definitely need to develop one - if nothing else, the regulators expect you to have one). You'll need to determine the sensitivity of the information disclosed (and in this case, it sounds fairly sensitive), the extent of the unauthorized disclosure, and the likelihood of the information being used for fraudulent or malicious purposes, and proceed accordingly.

First published on BankersOnline.com 11/08/10

First published on 11/08/2010

Filed under: 

Search Topics