[BreachExchange] UK’s biggest pub chain Greene King accidentally leaks bank details of 2,000 staff in email

Inga Goddijn inga at riskbasedsecurity.com
Wed Nov 30 17:59:10 EST 2016


https://www.thesun.co.uk/news/2290843/uks-biggest-pub-chain-greene-king-accidentally-leaks-bank-details-of-2000-staff-in-email/

Greene King offered one year's identity theft alert as compensation
but angered staff say it's not good enough.

THE UK’s largest pub retailer and brewer have been forced to apologise to
its staff after accidentally leaking their personal bank details.

Members of the Greene King’s payroll department sent an email to managed
pubs notifying them of a HMRC error and explaining how they would fix it.

But the e-mail, sent on Thursday, contained a list of over 2,000 bank
account numbers and sort codes for some staff.

Realising their data breach management at the Cardiff branch, where the
email is believed to have been sent from, quickly began handing out letters
informing and apologising to staff for their error.

Under the heading ‘briefing points for discussion with affected team
members’, the letter read: “I’m contacting you to let you know that
unfortunately Greene King has identified a data breach as part of a
communication that was sent to pub computers yesterday explaining that HMRC
had made an error in the calculation of tax codes for some people ahead of
pay day today.

“The e-mail contained an attachment which included bank account details of
some of our team members and I’m sorry to tell you that your name, account
number and sort code were included in the list.”

The pub then told staff to “keep a close eye on your bank account over the
coming days and notify your bank should you see any suspicious activity.”

After discovering their mistake, Greene King, who has now launched a full
investigation, said their IT team worked through the night to delete the
e-mails from inboxes.

To compensate their staff, the retailer, who described the incident as
“totally unacceptable” offered staff affected the option to have a 12 month
subscription to an identity theft alert scheme, paid for by Greene King.

But one angry worker at the Cardiff office, said: “Their offer of
compensation was laughable.

“People could end up losing lots of money over this if their details have
got into the wrong hands.

“That e-mail would have gone to so many different managed pubs, it’s a
scary thought if your name and bank account details are on it.

“I know they said the IT department are deleting things and overriding
computers, but what if someone printed the e-mail out, there’s no way to
stop it then.

“It’s a human error, but to be honest it’s a massive one, and we’re not
happy about it.”

Signing off the apology letter, they said: “On behalf of Greene King I
would like to say again that we are very sorry that this has happened and
please be assured that the business is committed to doing all it can to put
it right as soon as possible.”

The mistake is not believed to have contained any other information linking
the details back to the person involved, such as their National Insurance
number or home address.

A spokesman for Greene King said: “On Thursday night we discovered the bank
account number and sort code details for just over 2,000 of our 44,000 team
members were emailed in error to a number of our pubs earlier in the
evening as part of a communication about an HMRC tax code error.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161130/f68e15eb/attachment.html>


More information about the BreachExchange mailing list