Private Data of 13,000 National Australia Bank Customers Was Exposed, but Passwords Were Spared

National Australia Bank Data Leak

We keep saying that money isn't everything, but at the same time, there's little point in denying the fact that without money, our lives will be difficult. What's more, most of us work long and hard to earn our money, and since we no longer keep it under the mattress, banks have the difficult job of convincing us that our savings are safe with them. Last week, the people working for National Australia Bank (NAB) learned just how hard this could be.

The private information of 13,000 NAB customers gets leaked

On Friday, NAB issued a statement on its website explaining that some private information of about 13 thousand of its customers had been briefly exposed to anyone. The data included names, dates of birth, contact information, and numbers of ID documents.

NAB had already contacted the Australian authorities and was working flat-out to inform every single affected individual. The bank assured its customers that a support team is available 24/7 to answer all questions related to the breach and that it's ready to cover the cost of any reissued identification documents.

After saying that the bank is taking full responsibility for the leak, Glenda Crisp, NAB's Chief Data Officer, announced that her team is fully aware of what had happened and that it knows what needs to be done in order to prevent similar incidents. But what had happened exactly?

The leak was the result of a human error

Ms. Crisp was eager to point out that NAB's systems hadn't been compromised. No usernames and passwords have been exposed, the bank hasn't detected any unusual activity around people's accounts, and according to the statement, customers don't need to take any further actions to protect themselves.

Apparently, the data was exposed after someone uploaded the information to the servers of two data service companies that remain unnamed. Ms. Crisp didn't say whether or not the individuals responsible for the whole thing work for the bank, but she insisted that the leak is the result of a human error, not a cybersecurity incident. As soon as it learned about the exposed data, NAB contacted the data service companies, and the information was purged within hours.

NAB is handling the issue relatively well

We have talked about how important reacting to a data breach is, and on the face of it, NAB has done a pretty decent job of telling everybody what has happened and why. The statement is detailed enough, and it suggests that the bank acted quickly and responsibly to protect its customers. The number of affected individuals is not that huge, which is yet more good news for everyone.

Although it's small, however, the leak can (and should) act as a reminder that we're not the only ones responsible for protecting our data. Sometimes, its security is outside our control, and unfortunately, we're the ones that take the brunt of the impact when things go wrong. That being said, we shouldn't ignore our responsibilities. Although NAB says that no further actions are needed on your part, and although no login data got exposed, you could do worse than making sure that the password for your online banking system is both complex and unique.

July 30, 2019

Leave a Reply