|
Dear Sven,
We’re reaching out to alert you to a regretful breach involving some of your personal information. We want to stress that the breach was immediately contained, and our thorough investigation has found no evidence that your data has been exposed or compromised. |
|
|
| What happened? |
On 28 September 2022, we discovered that a member of an ING Tech Support team sent work files containing ING data to a personal email address.
Although this person was authorised to access the ING data for work-related tasks, sending these files to a personal email address is strictly prohibited and goes against our policies and data handling procedures.
The files contained historical information about your international assignment, including name, citizenship, country, city of residence, gender, date of birth, e-mail addresses (ING email address in most cases), job roles & levels, base salary information and the total number of family members (no other data on your family members was included).
We want to emphasize that no government file details (e.g., driver’s licence, passport) nor any other additional identity information was included in this breach. |
|
|
| What has ING done to rectify the issue? |
| ING has conducted a thorough investigation and there is no evidence of any harm to the data subjects. We have ensured that the unlawfully gathered data was deleted from the personal devices (laptop and smartphone) of the team member. We also obtained a signed legal declaration from this person confirming that all data has been deleted and not shared with anyone. Data Protection Officers in all ING locations have been informed of this breach. |
|
|
| What action should you take? |
- be vigilant to any unexpected messages or contact related to present or past international assignments; and
- check incoming communications and validate they are from trusted sources.
If you have any questions regarding this matter, please send a message to assignmentpro_questions@ing.com |
|
|
| For current employees: |
If you suspect that a received email is a phishing attempt, you can report it using the ‘Report Phish’ button in Outlook if it is available in your country. Or forward it (as attachment) to the Phishing Employee mailbox: phishing@ing.net.
If you have already clicked on a link and realise it is a malicious site, please contact the Security Defence Centre (sdc@ing.com).
Please report fraud by contacting your manager, your local Fraud Department, or the Whistle-blower Procedure using the Reporting Fraud intranet page.
You may also opt for changing your password(s) as an extra preventive action.
Kind regards |
|
|
|
Andreas Mayer
GHR COO & Data Privacy Executive |
|
|
Simon Andrews
CIO Group Services Tech. |
|
|
|
|
|
|
