Privacy Breach by Ex-Banking Employee - Advice?

TL;DR - seeking advice as an ex-banking employee has taken our private details across to a mortgage broking firm and begun to contact us (for what purpose I really don't know, guessing their services, but they did say in the msg they were touching base as we haven't spoken since they had left the bank).

Hey everyone, hoping to get some advice here cause I haven't dealt with this before and not sure what to do about it…

Have been dealing with a bank for the past 9 months. We recently refinanced to them and were having some issues with communication with the lending specialist throughout that time. They were very friendly obviously during the refinancing discussions and we did get a good rate and a cash back. Issues came when we were trying to increase our loan to purchase another property. Didn't inspire any confidence with that process, so we've been looking to refinance away again.

Fast forward to yesterday and we're speaking with the person that's taken over that particular role about a rate review etc. Find out that there have been similar complaints about that particular previous employee and was advised that that employee is no longer with them anymore. Asked if we would like to submit a complaint based on the miscommunication during previous interactions with that employee and agreed to it.

…The next day (today) both my wife and I are receiving phone calls from the ex-employee from a different number at their new job with a mortgage broking firm! What on earth! They've taken who knows what details across from the bank (that obviously I submitted to the bank in confidence) to now be contacted by them for what purpose? I've gone back to the bank to state the breach and based on what they know they're escalating it to a lending manager to contact us and discuss…

Where do we stand with this? Should I seek legal advice? What can I do about it?


  • +5

    You've reported it to the bank.
    I'd report it to ASIC who licenses banks and mortgage brokers. And also OAIC for good measure.

    • APRA licenses banks and brokers - ASIC is the corporate watchdog which oversees all industry but APRA is specific to the finance industry.

  • +13

    The bank will take this very seriously and will certainly contact you about the investigation and process.

    Also, what was the person thinking when taking the customer data… like it wouldn't be an issue.

  • -7

    Just say what money you want as compensation already. Of which you are entitled to zero.

    • Nah OP just wants a letter of apology, truly sowwie…..


  • +6

    It's not the bank at fault here but the ex-employee who "stole" your data from them. Can you find out if the brokerage where he is now employed goes through an aggregator? E.g. Connective, Finsure, Mortgage Choice etc. I would be submitting the complaint directly to the aggregator for investigation.

  • +3

    Ring the mortgage broking firm and ask to speak to the head of the firm.
    Say you wish to report an employee for abuse of your data and explain your case. Let them know you have also reported the breach to the bank and are escalating the matter.

  • +1

    Should I seek legal advice?

    For what?

  • +1

    This reminded me, with all the scams and data breach cases on the rise lately, I wonder how many such cases are the result of ex-employees taking (stealing) data when they leave/get fired.

    • -4

      My guess was honestly all if not most of them.

      Most people don't just hack businesses for no reason, but bored or disgruntled employees, oh boy, they don't need a key, they are already in.

  • So what outcome are you seeking?

    If you want this person to stop contacting you and destroy any information they have, then tell the person and write/email the employer and advise them of the breach and the remedy you are seeking. Contact details will be in the privacy policy on their website & also contact details for privacy commissioner.

    Why does everyone want to resort to legal threats first up instead of using common sense first?

    • You might have answered your own question there… :)

  • Stand firm with the bank and the bank will work it out with their ex-employee.

  • -5

    Gee, just to summarise for everyone.

    First paragraph is a pre-emptive conclusion… (If you want, block it out and read the rest of the content and it will make more sense.)

    OP has been dealing with the bank for the past 9 months, refinanced successfully but had issues with communication. Subsequently during those 9 months and after refinancing, they experienced difficulties increasing the loan amount which is obviously common during these financially challenging times. There is nothing conclusive there, but you can always choose to shop around; maybe even that ex-employee can help.

    Sometime this week you were contacted by a representative from the bank. You do not mention the reason for this but it seems probable it was related to the loan increase application. No doubt, you did not get anything useful in terms of an actual increase; otherwise you would have mentioned it.

    From what I can tell at this point in time the new employee bad mouths old employee. That is the typical bashing to build rapport on the bank's side as they know they are at risk of losing you as a customer; notably you might have even slipped that you were looking to refinance away and thus they wanted to protect their loan book.

    At this point, likely there were actually no previous complaints towards that ex-employee. Ex-employee now has your details because bank has passed on details about the complaint to them. You know what purpose the call was for, it was about your complaint at the bank, it's not about refinancing, that's for sure. Don't play dumb here…

    Have you got evidence about your allegations because it looks like you are about to get into a whole lot of trouble, possibly that other new bank employee might soon be out of a job.

    So guys, read through the lines and you can see what actually happened.

    • Why would the bank pass on the OP's details to the ex-employee? If the bank has a customer complaint/issue raised against an employee and they leave then the complaint/issue will be closed.

    • +2

      Gee, just to summarise for everyone.

      And then goes on a 4 page rant… the irony is not lost on me.

      • +1

        the irony is not lost on me

        Also with the username.

    • So guys, read through the lines and you can see what actually happened.

      I did and you are incorrect.

  • I'm not a lawyer, but I do work in cybersecurity and information security within highly regulated industries.

    Based solely on your first post, reading it at face value:

    • Their previous employer has faced a notifiable data breach if you believe this has caused you serious harm (including serious physical, psychological, emotional, financial, or reputational harm). They should notify the OAIC if they believe this has brought you serious harm. Your personal information was disclosed to an external entity without authorization.
    • The organisation that contacted you has opened themselves up to litigation if they authorised the use of your personal data which was obtained, stored or accessed without consent.

    I'd surmise the employee in question has taken a list of clients with them, and in either case - the corporations will throw the employee under the bus. This is common in both finance and sales-related fields, unfortunately. These individuals need to have access to personal data like contact information, financial information, etc to do their job - and the data/access controls in place are never very good.

    If this is investigated, the person contacting you will very likely at least lose their job. There isn't an employer in Australia that would keep such a liability on their payroll.
