Is it required to notify a customer if another customer was mistakenly given that customers informaiton - (account number and balance). The customer receiving the information notified us immediately.

Thanks in advance!

You have a "sensitive customer information" security breach. Response should be outlined in your incident response program.

We notify them and advise them to monitor their account for suspicious activity. We do not automatically block the account or place a message on the account.

If the information disclosed can potentially result into an identity theft case, you should notify your customer.

I would not classify the accident as a security breach. It was a simple mistake and not an illegal and intentional action.
However, it is still a security/privacy violation. Therefore, the customer should be notified and the account monitored regularly for suspicious activities.


Christian Malatesti, CISSP, PCI QSA
Enterprise Risk Management, Inc.

We would notify the customer and give them the option to continue to watch their accounts or we would be happy to open a new if they would like.