Danske Bank A/S disclosed that a data‑handling mistake last year exposed the residential addresses of roughly 20,600 customers to unauthorised parties. The error stemmed from a batch upload that inadvertently included full address fields alongside account numbers. Regulators were notified promptly, and the bank began informing affected clients.

Clients rely on Danish banks for stringent privacy protections under EU‑wide GDPR rules, so any lapse can erode trust and trigger compensation claims. Industry analysts estimate that similar exposures can generate legal costs in the millions, while share‑price pressure often follows publicised breaches. Danske’s board has ordered a review of its data‑governance framework to prevent recurrence.

The incident underscores operational risk when legacy systems intersect modern data‑sharing practices. Shareholders will scrutinise the upcoming quarterly results for any hit to profitability stemming from remediation expenses. Danske Bank has pledged to enhance encryption protocols and to report progress to regulators within the next reporting cycle.

The bank also plans to hire an independent cybersecurity firm to audit its entire data pipeline, a step aimed at restoring confidence among customers and investors. Completion is slated for the second half of the year. Findings will be disclosed in a public report, and any recommended changes will be implemented immediately.