I see there has been yet another privacy breach at Kiwibank. This comes just after hundreds of customers have been threatened with frozen accounts because of another bank stuff-up. This seems to be a regular, recurring thing with NZ institutions, especially government ones. They all go on about how seriously they take our privacy, but this kind of thing keeps happening. Why should anyone trust any (quasi)official body here?
More to the point, if a bad actor receives someone else's bank statement, can they compromise the account of the person whose statement that is? The account number will be on it, as well as the name, address and access number of the account holder. Is that enough to make it valuable on the dark web or is more required? How bad is this breach, actually? What is the potential damage?