RHB customers have reported incidents where the bank had sent them e-statements that did not belong to them, but could still be accessed using their birthdate-related passwords. The mistake was confirmed in a follow-up email that was sent out by RHB Bank yesterday.

“It is with much regret for us to inform you that there has been an error in the e-statement sent to you via email last night due to a technical issue,” said the bank in its email. “We would like to request that you refrain from opening the e-statement, and thereafter to delete the email.”

As is the practice with most banks, the RHB monthly e-statement is sent via email in the form of a password-protected PDF file. By default, the customer’s date of birth is set as the password. E-statements typically contain personal information including the customer’s name, address, account number, and transaction details.

Given that the mix-up allowed one to use their own password to unlock and view the e-statement of another RHB customer, the issue naturally raised concerns around the bank’s data security and privacy measures. It is not known at the moment exactly how many accounts were affected by this error, or whether RHB intends to notify the customers whose e-statements had been mistakenly sent to someone else.

“We sincerely apologise for this inadvertent error. Our team is currently investigating the matter, while simultaneously rectifying the error that had occurred,” the email also said. “We will be re-sending the email to you as soon as possible upon appropriate validation being completed.”

The bank finished its email by reassuring its customers that their data safety and security are its top priority, and invited customers with further concerns to contact customer service.

(Source: The Vibes, Lowyat.NET)

• TAGS:
• Banking Services
• Data Breach
• E-Statements
• Privacy
• RHB
• RHB Bank