By 
Danske Bank has confirmed a data breach that exposed the protected address details of thousands of customers, following a coding error during a scheduled system update.
The incident, which occurred over a three-month period in 2025, resulted in sensitive address information being inadvertently included in payment details shared with recipients of domestic transactions in Denmark.
According to the bank, the breach affected approximately 20,600 customers. The error allowed protected address data—normally restricted from disclosure—to be visible to external parties receiving payments.
The bank acknowledged that the issue arose despite existing technical and organisational safeguards. It was identified in October 2025, after which corrective measures were immediately implemented.
“The issue occurred despite multilayered technical and organisational controls being in place. Once identified, a fix was deployed promptly, and a comprehensive investigation was launched to determine the root cause and full scope,” the bank said.
Following the discovery, Danske Bank conducted multiple reconciliation exercises and introduced additional controls to strengthen its systems. The institution also enhanced both its technical and operational risk management frameworks to prevent a recurrence.
The incident highlights the growing operational and compliance risks associated with system changes in highly regulated financial environments, particularly as institutions continue to modernise infrastructure and digitise services.
While the bank has moved to contain the issue, the breach underscores the importance of robust testing, monitoring, and governance in safeguarding customer data and maintaining trust in digital financial systems.
Comments