The publication was alerted on Wednesday by one of the bank's clients that he had received a letter from the bank explaining how they had been impacted by the incident and how the bank was mitigating against potential client data compromise. It has also informed the Information Regulator, as required by law.
In an e-mailed response to questions from TechCentral, a spokesman confirmed that the bank's "ongoing monitoring processes" had detected that an employee, who had "authorised access to specific client data, copied some customer-sensitive data to an unprotected personal device in violation of the bank's strict information security protocols".
"Standard Bank takes data security extremely seriously and any divergence from this stated policy will be dealt with decisively in the interest of our clients," the spokesman said.
It said the data copied includes "limited personal and/or financial information of a limited number of clients in South Africa".
"Standard Bank does not keep or store information like client passwords and Pins, and such information was not impacted by this data incident," the spokesman emphasised.
