We are a small firm of Chartered Accountants and help small clients administer their Auto Enrolment pensions through NEST.
We asked a client to login in to enter their bank account details and discovered she had access to all our clients’ NEST accounts. Full payroll details of all of them. And we are locked out.
We have asked them to block all accounts until its fixed, but they say they can’t and add, it is ‘unfortunate’.
Obviously, a glitch in their system and a person non trained in dealing with a data breach.
Anyone have any ideas how to deal with this??
Replies (16)
Please login or register to join the discussion.
Is there any way at all that someone could have given the client your company NEST connect login instead and they have changed the password? I am hoping something as silly as that has happened as otherwise I am extremely worried about using NEST!
Per above what login did the client use? This is very scary and should be reported. Please update when you know more.
We have made an official complaint. To which we will receive a response in 4 day !!
Obviously no contingency for a security breach.
Id have perhaps waited before doing this. As others have intimated, this looks rather more likely to have been a data breach at your end than at nests.
Of course we could all be wrong. I just cant see how this would happen (and your access be turned off) otherwise.
This sounds like the client was given your NEST Comnect login details rather than an error at NEST’s end
What is a merged delegate account?
As far as I know, we use the connect account, this being the correct way for agents?