The National Australia Bank spent the weekend contacting customers about a data breach which exposed the personal information of 13,000 customers. The bank uploaded the personal information of some its new customers to insecure servers of two third party providers without authorisation.
The information included names, dates of birth, contact details and in some cases, driver’s licence numbers. NAB says it has been advised by the companies which held the insecure data that they deleted the information within two hours.
NAB chief data officer, Glenda Crisp, said the bank took “full responsibility” for the incident but insisted it was not a cybersecurity issue and customers’ login and password information had not been exposed and the bank’s systems remained secure.
“The issue was human error and in breach of NAB’s data security policies,” Crisp said in a statement.
“Our number one priority is to support our customers. We are moving quickly to proactively contact every person affected.”
Crisp said there was no indication that the exposed data had been copied or further exposed, and the bank is advising customers they do not need to take any action.
“We have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts.”
NAB says it will cover costs to customers related to the breach, including drivers license replacements and enhanced fraud detection of affected accounts.
The bank says it has informed industry regulators including the privacy watchdog, the Office of the Australian Information Commissioner. The OAIC has been contacted for comment.
Earlier this month the privacy watchdog chided CBA over its poor data security and governance which led to two data breaches, exposing the information of over 20 million customers.