National Australia Bank has an own goal in data handling as it breaches the privacy of 60,000 customers' banking details

December 16, 2016

The National Australia Bank (the “NAB”) has form when it comes to poor data practices.  As a customer of the NAB several years ago, my business banker sent to me another customer’s personal information, loan information and details about an impending investment.  Twice.  On consecutive days.  When I raised the clear breach of the Privacy Act with the Privacy Officer at the NAB the response was defensive when not mealy-mouthed.  Hardly an example of good data management at first instance and problem solving subsequently.

It therefore comes as no surprise to me that NAB has been involved in another sloppy data handling practice, attaching the details of 60,000 of its customers to an incorrect email address.  The details included names, addresses and emails.  A start for any enterprising identity thief.  NAB seems to rely on the fact that the customers are based overseas as relevant, if not as some form of mitigation.  How it is at all pertinent is not clear.

The breach is bad enough but there is the inevitable bad publicity, as reported in the ABC story “NAB accidentally sends 60,000 overseas customers’ banking details to wrong email”, which provides:

National Australia Bank (NAB) has accidentally sent the account details belonging to 60,000 overseas customers to an incorrect email address.

NAB wrote to all the account holders involved, telling them the emails included information such as their name, address, email, BSB and account numbers, but it did not include any passwords.

The bank said the mistake only affected accounts set up by its migrant banking team for clients who were residing outside Australia at the time.

In a statement, NAB said the mistake was caused by human error, and would not impact accounts set up in Australia.

“We take the privacy and the protection of our customers’ personal information extremely seriously,” the bank said.

“We also take full responsibility and we sincerely apologise to our customers for this mistake.”

It said a review of all the accounts has not identified any unusual activity, but they would continue to be monitored.

“Approximately 40 per cent of these customers have either closed or have not used their account this year,” NAB said.

“Furthermore, 19,000 of these accounts have a balance of less than $2.”

The bank said it was working with industry regulators, and had notified the Office of the Australian Information Commissioner and ASIC about the privacy breach.

NAB has taken Google to court in the US over the matter.
