National Australia Bank has revealed that in a major data breach, the personal information of approximately 13,000 of its customers has been uploaded to the servers of two unauthorised companies.
NAB has begun advising approximately 13,000 customers that some of their personal information provided when their account was first set up has been uploaded, without authorisation, to the servers of two data service companies.
The compromised data included customer name, date of birth, contact details and, in some cases, a government-issued identification number, such as a driver’s licence number.
However, the major bank has stated that its security teams contacted the companies involved, following which NAB was informed that the information was deleted within two hours.
NAB chief data officer Glenda Crisp commented: “We take the privacy and the protection of customer information extremely seriously and I sincerely apologise to affected customers.
“We take full responsibility.
“The issue was human error and in breach of NAB’s data security policies.”
Ms Crisp stressed that it was not a cybersecurity issue, with no NAB log-in details or passwords compromised during the incident.
“Our number one priority is to support our customers. We are moving quickly to proactively contact every person affected,” she added.
NAB is calling, emailing or writing to each impacted customer individually, with a dedicated, specialist support team in place.
NAB also stated that it will cover the costs of any government identification documents that need to be reissued, as well as the costs of independent, enhanced fraud detection identification services for affected customers.
According to NAB, there is no evidence to indicate that any of the information has been copied or further disclosed.
Customers are being advised that they do not need to take any action with their account.
“We have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts,” Ms Crisp said.
NAB has also notified and is working with industry regulators, including the Office of the Australian Information Commissioner.
Ms Crisp concluded: “We take full responsibility. We can assure you that we understand how this happened and we are making changes to ensure this does not happen again.”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.
Insolvency accountant asks: Have you paid your tax yet?
By John Papadopoulos
Ask the Experts: Does automation stack up financially?
By Christopher Overton
Opinion: How bad do things have to get?!
By Adam Zuchetti