NAB disclosed a data breach late Friday after a dataset containing the personal details of approximately 13,000 customers was uploaded to the servers of “two data service companies”.
Chief data officer, Glenda Crisp, said the compromised data “included customer name, date of birth, contact details and in some cases, a government-issued identification number, such as a driver’s licence number.”
Crisp attributed the issue to “human error”.
She said the uploads to the data service providers were done “in breach of NAB’s data security policies.”
Crisp said it “was not a cyber-security issue”.
While she did not detail the exact reason the dataset was uploaded, it would appear the bank was performing some form of data analytics work on the dataset using third-party tools or services.
NAB said its security teams had contacted the two companies, “who advise that all information provided to them [was] deleted within two hours”.
NAB said it would call, email or write “to each impacted customer individually.”
“A dedicated, specialist support team is in place, available to them 24/7,” she said.
“If government identification documents need to be reissued, NAB will cover the cost.
“NAB will also cover the cost of independent, enhanced fraud detection identification services for affected customers.”
The bank said there was “no evidence to indicate that any of the information has been copied or further disclosed.”
NAB said it had notified industry regulators and the Office of the Australian Information Commissioner.
Gloss