[lozenge]

Could the breach be at an Open Banking service that lets you view and aggregate your bank details such as Emma, Money Dashboard, TrueLayer? Some marketing/voucher companies are also using this sort of integration now such as Airtime Rewards.

[throwaway_qwe]

This is possible. I had the account linked to a very well known and popular service that is owned by another bank. I don’t want to use names. But “bank transaction ids” were known I do not know if this is part of the spec. My theory was some export from bank 1 for openbanking was breached or in bank 2’s import was breached. But the news items are about bank 1. Also, they knew details like the date of account opening which was different to date of first transaction. I was not using openbanking in many places but I have now turned it off everywhere.

[jtaft]

What about stolen mail? Would any of this details be in a bank statement?

[throwaway_qwe]

No paper bank statement. No email bank statement. Only qif/csv export. iPhone app only (not web). Fairly sure it was either an inside job and/or openbanking API implementation.