An Old Mutual client recently received an email containing the confidential banking information of another customer – including his ID number, address, and bank account details – all of which was not password-protected.
This is according to the Power Report in the Sunday Times.
Malefetsane Kotsi said this is not the first time he has received other clients’ emails from Old Mutual. A similar incident resulted in Kotsi receiving another client’s retirement annuity statement in 2015, and the same client’s benefit review email in 2014, although it was password protected.
The report stated that the two other clients shared Kotsi’s first name and, because the email addresses were similar, had supplied Kotsi’s email address to the company.
The Power Report asked Old Mutual why the email Kotsi received was not password protected, with Old Mutual stating that it applies the security measure to the “bulk” of customer mails.
“[We] are in the process of applying password governance to all our electronic contracts and statements,” said Old Mutual – which it plans to complete by August.
The full report is in the Sunday Times of 3 April 2016.