Inaccurate data was shared from 3,284 customer profiles to credit reference agencies, potentially leading to refusals for mortgages, credit cards, or loans, as well as customers being granted more credit than they could afford.
The Information Commissioner’s Office (ICO) stated that determining the actual damage to each customer was impossible due to the complex nature of credit scoring and the various factors involved, but the impact was certainly negative.
In March 2021, Bank of Ireland UK was found in breach of data protection law for failing to ensure the accuracy of personal data, as required by GDPR. The official reprimand recommended that the bank support affected customers by implementing robust processes that are regularly reviewed.
Natasha Longson, ICO head of investigations, remarked: “Mistakes made by financial institutions can have far-reaching consequences on people’s everyday lives. Some customers affected may have been denied mortgages, loans, or credit cards, and could also struggle with mobile phone contracts, insurance policies, or utility services. The error made by Bank of Ireland UK could have caused significant distress for thousands. However, we acknowledge the corrective actions taken by the bank to support affected customers and enhance their data management processes. We believe a reprimand is the most appropriate outcome, and that valuable lessons have been learned to prevent such mistakes in the future.”