Security News

One of Australia's 'Big Four' Banks Compromises Thousands of Customer Details

Thousands of National Australia Bank (NAB) customers have had 'some personal information' compromised after the bank uploaded the details to the servers of two 'data service companies'.

The data of the 13,000 affected customers included names, dates of birth, contact details and in some cases, a government-issued identification number e.g. driver's licence number.

"We take the privacy and the protection of customer information extremely seriously and I sincerely apologise to affected customers," said NAB Chief Data Officer, Glenda Crisp. "We take full responsibility. The issue was human error and in breach of NAB’s data security policies."

Ms Crisp said it was not a cyber-security issue and no NAB log-in details or passwords were compromised. The NAB systems remain secure.

NAB has contacted each customer individually, with a support team in place 24/7. The bank will cover the cost of any government identification documents that need to be reissued, as well as the expense of independent, enhanced fraud detection identification services for affected customers.

NAB has form when it comes to data breaches and in early 2017 admitted the details of around 60,000 customers were sent to a global domain email address instead of the bank's .au address. Once again, the bank apologised and took "full responsibility".

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join 833 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: