A woman who typed in one wrong number from her credit card and mistakenly accessed another customer's account is irate that the BNZ disclosed her personal details so the man could resolve the matter.
The Privacy Commissioner yesterday criticised the bank, saying banks needed to have more safeguards for customers.
The Auckland woman, who wished only to be known as Mrs Hansford, said she learned of the error when the man emailed her two days after she made a $20 internet transaction for digital photo prints early last year.
Despite having provided her name, address and phone number alongside her credit card number and expiry date when she made her purchase, the photos were charged to the man's account.
The Carterton man, who asked to remain anonymous, told the Herald that when he and his wife noticed the Auckland purchase they called BNZ to ask what went wrong.
He said he was "astounded" when a staff member denied the bank was responsible and then gave him Mrs Hansford's home address, work address, mobile phone number and private email address so he could sort the situation out himself.
"We were advising them of a fraudulent transaction and they couldn't care less," he said.
"I was incredulous and surprised and wondering why the bank didn't do basic checks like the person's name and address before the transaction. Their basic response was 'tough - if you don't like it - tough'. Which was when we cancelled the account."
Mrs Hansford said she was eight months' pregnant at the time and had suffered emotional trauma and stress during what should have been a happy time before the birth of her second child.
"If he was a nasty individual he could have been at my front door and he could have been quite angry."
She said BNZ eventually offered her $2000 compensation, but she did not accept it.
Now she just wants people to know about the "terrible" service she had received.
Both customers say they will not use BNZ again.
BNZ said yesterday that such instances were "extremely isolated".
Chief operating officer Glenn Patrick said staff had been told to remove personal details when providing information to customers disputing transactions.
"We are really sorry for the inconvenience caused to Mrs Hansford and have apologised to her."
Banking Ombudsman Liz Brown said she expected banks to act as the liaison between customers - not reveal customers' details - but said the situation was unique.
"I've never come across one quite like that."
Privacy Commissioner Marie Shroff said banks needed to do more to prevent mistakes, such as checking when the account name did not match the account number.
"In this technological age, where people are encouraged to conduct their financial transactions online, banks should do more to ensure that their customers are adequately protected," she said.
"The Privacy Commissioner would actively support changes to banking practice so that common small errors could be swiftly resolved at an early stage. A person shouldn't be forced to bring legal proceedings simply to rectify a simple mistake.
"The release of personal information by a bank should be a last resort."