Chaos at NEST

NEST don't take seriously a serious data breach.

Didn't find your answer?

We are a small firm of Chartered Accountants and help small clients administer their Auto Enrolment pensions through NEST.

We asked a client to login in to enter their bank account details and discovered she had access to all our clients’ NEST accounts. Full payroll details of all of them. And we are locked out.

We have asked them to block all accounts until its fixed, but they say they can’t and add, it is ‘unfortunate’.

Obviously, a glitch in their system and a person non trained in dealing with a data breach.

Anyone have any ideas how to deal with this??

Replies (16)

Please login or register to join the discussion.

By mrme89
27th Feb 2018 13:34

ICO and / or pension regulator may have something to say on the matter.

Thanks (0)
avatar
By RLK
27th Feb 2018 13:40

Is there any way at all that someone could have given the client your company NEST connect login instead and they have changed the password? I am hoping something as silly as that has happened as otherwise I am extremely worried about using NEST!

Thanks (0)
Replying to RLK:
By danielgricks
27th Feb 2018 15:34

We are looking into who did what and when but so far we know client used their own login

Thanks (1)
avatar
By Matrix
27th Feb 2018 14:03

Per above what login did the client use? This is very scary and should be reported. Please update when you know more.

Thanks (0)
avatar
By Limited Company
27th Feb 2018 15:20

Sounds like a case for the Information Commissioner!

Thanks (0)
By danielgricks
27th Feb 2018 15:32

We have made an official complaint. To which we will receive a response in 4 day !!
Obviously no contingency for a security breach.

Thanks (0)
By danielgricks
27th Feb 2018 15:32

We have made an official complaint. To which we will receive a response in 4 day !!
Obviously no contingency for a security breach.

Thanks (0)
Replying to danielgricks:
avatar
By Mr_awol
28th Feb 2018 13:39

danielgricks wrote:

We have made an official complaint. To which we will receive a response in 4 day !!
Obviously no contingency for a security breach.

Id have perhaps waited before doing this. As others have intimated, this looks rather more likely to have been a data breach at your end than at nests.

Of course we could all be wrong. I just cant see how this would happen (and your access be turned off) otherwise.

Thanks (0)
Replying to Mr_awol:
By danielgricks
28th Feb 2018 18:05

I think my final comment eliminates that theory

Thanks (0)
avatar
By SpreadsheetUser
27th Feb 2018 17:22

This sounds like the client was given your NEST Comnect login details rather than an error at NEST’s end

Thanks (1)
By danielgricks
28th Feb 2018 16:23

A solution.
Just beware you don't fall int the trap we did.
There's a slight difference between a NEST merged delegate account and a NEST connect account, and with the merged delegate if one of the employer accounts primary contact is updated it overwrites all other employer accounts!
It shouldn't work like this but it did.
We have now set up NEST connect account, transferred all clients and deleted the merged delegate account.
And wasted 2 man days

Thanks (2)
RedFive
By RedFive
28th Feb 2018 20:04

So it was your fault after all.

Thanks for the update.

Thanks (1)
avatar
By Manchester_man
01st Mar 2018 04:51

What is a merged delegate account?

As far as I know, we use the connect account, this being the correct way for agents?

Thanks (0)
Replying to Manchester_man:
By danielgricks
01st Mar 2018 11:25

The connect account appears to be the way to go. Avoid merged delegate accounts (shame I am having to give this warning , not NEST)

Thanks (0)
Replying to Manchester_man:
By danielgricks
01st Mar 2018 11:25

The connect account appears to be the way to go. Avoid merged delegate accounts (shame I am having to give this warning , not NEST)

Thanks (0)
Replying to Manchester_man:
By danielgricks
01st Mar 2018 11:25

The connect account appears to be the way to go. Avoid merged delegate accounts (shame I am having to give this warning , not NEST)

Thanks (0)