NAB leaks personal data of 13,000 customers in embarrassing snafu
Monday, July 29, 2019/
National Australia Bank (NAB) has become embroiled in its second significant data breach in three years, revealing the names and contact details of about 13,000 customers were accidentally shared with two data service companies.
Dates of birth, and in some cases, government-issued identification numbers such as drivers’ licences, were also inadvertently uploaded to third-party servers, the bank conceded last Friday.
The third-party data service providers have told NAB they deleted all the information they were sent “within two hours”, while the bank claims there’s “no evidence” to suggest the data was further copied or disclosed.
The bank found out about the breach on Wednesday and has mobilised significant internal resources to contact two-thirds of the affected parties over the last three days.
The breach is the second significant leak of consumer data to flow from NAB in the last three years. Back in 2017, human error saw it send the personal details of 60,000 clients to a business person who hosts adult websites.
NAB chief data officer Glenda Grisp was called up to deliver an apology to customers last Friday, but chose not to characterise the breach as a cyber security issue, despite conceding the bank’s data security policies were breached.
“The issue was human error and in breach of NAB’s data security policies,” Crisp said in a statement.
“I sincerely apologise to the affected customers. We take full responsibility,” she said.
The bank has contacted the office of the Australian Information Commissioner and is in the process of calling, emailing or writing to affected customers.
NAB has offered to cover the cost of re-issuing government identification for affected customers, alongside costs associated with “enhanced fraud detection identification”.
It’s not the first time a business, large or small, has found itself dealing with a data breach as a result of human error.
The capacity for human error is routinely highlighted by experts as one of the primary cyber security risks facing companies.
Last year, Woolworths-owned BIG W leaked the personal information of 32 customers when a worker placed confidential information in a pile of test print-outs provided to a customer.
Andrew Bycroft, chief executive of the International Cyber Resilience Institute, has told SmartCompany the role of human error addressing risks remains the key digital security challenge facing businesses in Australia and elsewhere.
“Businesses think it’s actually a technology problem that can be solved by tech … but it’s a human crime,” Bycroft has said.
Accounting software does not underpay staff — humans do Stacey Price Healthy Business Finances founder
Google has updated its search algorithm: Say hello to BERT Lucas Bikowski SEO Shark managing director
Five ways to mentally prepare for the brutal capital-raising process Stacey Fisher Minnow Designs co-owner
You are not your job: Four work-life balance tips to ease you into Christmas Jackie Rahilly Appoint co-founder
Ignoring your ‘obnoxious roommate’: What this founder learnt when she met Arianna Huffington Michelle Gallaher ShareRoot CEO