The news:
- Pre-investigation findings by South Africa’s Information Regulator have revealed that a glitch in the First National Bank (FNB) banking app exposed the personal details of 88 home loan applicants in 2023.
- Earlier in February 2023, a report emerged that an FNB client using the mobile app to apply for a home loan could see the personal identifiable information of fellow applicants, including names, identity numbers and contact details.
- Following the discovery, the client, who asked to remain anonymous, reported the apparent data glitch to the Information Regulator, which soon commenced its investigations.
When the glitch was discovered, the FBN acknowledged and reportedly informed the affected customers and the relevant authorities, as required under South Africa’s data privacy law, the Protection of Personal Information Act (POPIA).
However, the bank didn’t disclose how many customers on its digital platform were affected.
Per recent documents seen by a South African news outlet, the Information Regulator has now concluded its pre-investigation into the issue.
Part of the document explains that the incident relates to FNB home loan customers who submitted their applications through the “nav>>Home” feature available on the FNB app and FNB online banking platforms.
The feature was designed for FBN customers to process their home loan applications independently, and for bank employees to assist customers in capturing their home loan applications.
When used, the feature validates whether the user is a customer or FNB employee. The technical glitch affected the latter.
According to the documents, the glitch caused the access permissions assigned to FNB employees to be erroneously assigned to 3,173 loan customers, tagged “unintended recipients.”
Consequently, these unintended recipients could access the full names, identification numbers, and other personal information of any of the 88 affected customers.
Of the 3,173 unintended recipients with access, only 696 customers discovered they had the functionality to scroll through the in-progress home loan applications of 88 impacted data subjects, the documents show.
Be the smartest in the room
Join 30,000 subscribers who receive Techpoint Digest, a fun week-daily 5-minute roundup of happenings in African and global tech, directly in your inbox, hours before everyone else.
Chris Labuschagne, CEO of Home Structured Lending at FNB, noted in an email to ITWeb that the bank reported the matter to the Information Regulator and has since complied with their requests.
Labuschagne also assured that the affected home loan applicants have been notified of the incident and fraud monitoring has been implemented on their accounts.
The lender has temporarily suspended the mobile app feature that caused the technical error and is working to resolve the problem and test the solution before reinstating it. Having concluded the pre-investigation, the regulator disclosed that it’s assessing whether the bank complied with POPIA.
