Sunday, 17 September 2017, Security guide

Data leakage from mBank

Lost24

The Niebezpiecznik portal has reported a leak of data from mBank's customer base. Unlike most similar cases, the leak was not the work of hackers but the result of negligence and inattention on the part of an mBank employee.

How did it happen?
According to a bank representative, a careless employee sending out an e-mail with the latest news about the bank's investment funds put the recipients in the CC field instead of BCC. Every address in CC travels in the message headers and is visible to every other recipient, whereas BCC recipients are delivered to without appearing in the message at all. In total, 750 e-mail addresses of individual customers were exposed this way.
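The check below is an added example, not code from the original article or from mBank, showing how a mail-sending script can catch the CC-instead-of-BCC mistake before the message leaves: it counts the addresses that would be visible to recipients, refuses to send when the count is too high, and moves the exposed addresses to BCC. The addresses, the `funds@bank.example` list address and the policy threshold `MAX_VISIBLE_RECIPIENTS` are constructed assumptions.

```python
# Added example, not code from the original article or from mBank:
# a pre-send check for the CC-instead-of-BCC mistake described above.
# Addresses and the policy threshold below are constructed assumptions.
import copy
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical policy: a customer mailing may show at most one address
# (the sender's own list address) in the visible To/Cc headers.
MAX_VISIBLE_RECIPIENTS = 1


def header_addresses(msg, *fields):
    """Bare e-mail addresses found in the given header fields."""
    raw = []
    for field in fields:
        raw.extend(str(v) for v in msg.get_all(field, []))
    return [addr for _, addr in getaddresses(raw) if addr]


def visible_recipients(msg):
    """Addresses every recipient can read in the delivered message.

    To and Cc travel inside the message; Bcc does not (smtplib's
    send_message() removes the Bcc header before transmission).
    """
    return header_addresses(msg, "To", "Cc")


def envelope_recipients(msg):
    """Addresses the mail is actually delivered to (To + Cc + Bcc)."""
    return header_addresses(msg, "To", "Cc", "Bcc")


def exposes_recipient_list(msg, limit=MAX_VISIBLE_RECIPIENTS):
    """True if sending msg as-is would reveal other recipients' addresses."""
    return len(visible_recipients(msg)) > limit


def move_cc_to_bcc(msg):
    """Return a copy of msg with every Cc address moved to Bcc.

    Delivery is unchanged (same envelope recipients); only the header
    that would have disclosed the customer list is gone.
    """
    fixed = copy.deepcopy(msg)
    hidden = header_addresses(msg, "Bcc") + header_addresses(msg, "Cc")
    del fixed["Cc"]
    del fixed["Bcc"]
    if hidden:
        fixed["Bcc"] = ", ".join(hidden)
    return fixed


def constructed_newsletter():
    """Constructed sample reproducing the mistake: customers placed in Cc."""
    msg = EmailMessage()
    msg["From"] = "funds@bank.example"
    msg["To"] = "funds@bank.example"
    msg["Cc"] = "alice@example.net, bob@example.org, carol@example.com"
    msg["Subject"] = "Investment fund update"
    msg.set_content("Latest news about our investment funds.")
    return msg


def send_safely(msg, smtp):
    """Refuse to hand a leaking message to an smtplib.SMTP connection."""
    if exposes_recipient_list(msg):
        raise ValueError(
            f"{len(visible_recipients(msg))} addresses visible in To/Cc; "
            "move them to Bcc or send one message per recipient")
    return smtp.send_message(msg)


if __name__ == "__main__":
    draft = constructed_newsletter()
    print("visible before:", visible_recipients(draft))   # all four addresses
    safe = move_cc_to_bcc(draft)
    print("visible after: ", visible_recipients(safe))    # only the list address
    print("delivered to:  ", sorted(envelope_recipients(safe)))
```

Moving addresses to BCC is the minimal fix; for genuine bulk mail the better design is one message per recipient or a mailing-list system, so that no single message ever carries more than one customer's address.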

The Niebezpiecznik portal pointed out that the leaked addresses belong to a group of the bank's wealthier customers, which may later attract cybercriminals specialising in data theft and phishing: the list tells an attacker exactly who banks with mBank and has money invested there.

Under the General Data Protection Regulation (GDPR), which applies from 25 May 2018, a mistake of this kind becomes a personal data breach with a price tag, for banks and for any other organisation processing personal data. A controller that has not implemented appropriate technical and organisational measures to protect personal data against accidental disclosure (Article 32) faces an administrative fine of up to 10 million EUR or 2% of its total worldwide annual turnover of the preceding financial year, whichever is higher; infringements of the basic processing principles or of data subjects' rights fall into the higher tier of up to 20 million EUR or 4% (Article 83). The same incident also has to be reported to the supervisory authority within 72 hours of becoming aware of it (Article 33), and to the affected customers when it is likely to put them at high risk (Article 34). Criminal liability for the executives responsible is not something GDPR itself imposes; Article 84 leaves additional penalties, including criminal ones, to each member state's national law.