Salmat caused St George data breach


Business process outsourcing firm Salmat has acknowledged responsibility for a data breach at St George that saw some customers of the Westpac subsidiary receive account details that belonged to other customers.

“Our statement production company Salmat has acknowledged responsibility for the error which occured and is currently completing a full investigation,” said St George chief executive Greg Bartlett in a statement. “We sincerely apologise to our customers for this error. This incident is totally unacceptable and we are treating it very seriously.”

“I am overseeing this matter personally and we are committed to contacting each impacted customer.”

There were some 42,000 account statements in the affected production run, with the incorrect statement information containing transaction details, and in “a small proportion of cases” — according to a St George statement — account details that belong to another customer.

However, the actual account balances, data and transactions in customers’ accounts on St George’s systems are correct — it’s just the paper statements that are out of whack.

The bank is re-issuing the statements, which were sent by post on 1 March. The only affected statements were transaction and savings account statements with an end date of 26 February 2010. It has guaranteed customers will not incur any loss as a result of the error, and has setup a dedicated help line — 1300 668 460 — for customers to call about the matter.

“They have already put in place stringent measures to ensure this incident does not re-occur,” said Bartlett of Salmat. “St.George will ensure the matter is properly investigated and rectified.”

And the cause of the problem?

Salmat advised that “human error” occurred when manually re-starting an automated production process. The error was limited to that production run. The company has apologised to St George for the problem.