National Australia Bank (NAB), one of the largest financial institutions in Australia, revealed on Friday it suffered from a data breach that exposed the personal information of approximately 13,000 customers.
According to the bank, a dataset containing the personal details of 13,000 customers, including names, birthdays, contact details, and government-issued identification numbers, was erroneously uploaded to the servers of two data service companies.
“Our number one priority is to support our customers. We are moving quickly to proactively contact every person affected,” said Chief Data Officer Glenda Crisp.
Hundreds of NAB employees have spent their weekend reaching to each affected user. To date, about two-thirds of impacted customers have already been informed about the data breach, while the rest is expected to be informed over the next few days.
The bank’s security team had also contacted the companies involved in the leak, advising them that all information provided should be deleted within two hours.
Moreover, the Australian bank giant was quick to clarify that the breach was not a cybersecurity issue but rather an issue of “human error.”
“The issue was human error and in breach of NAB’s data security policies,” clarified Crisp. She also assured that no customers’ login and password information had been leaked and that the bank’s systems remained secure.
Australia’s fourth-largest financial institution assured it will cover the cost in case government identification documents need to be reissued because of the breach. Moreover, NAB has also promised to pay for “independent, enhanced fraud detection identification services” for its affected users.
Over the investigation, the data breach is believed to have occurred over the past week. On Friday, July 26, the bank informed the Office of the Australian Information Commissioner about the breach and then later went to inform the affected customers.
“We have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts,” the Chief Data Officer added.
The recent breach was an addition to the series of technology-related failures at NAB. In 2016, the Australian bank has accidentally sent the account details belonging to approximately 60,000 customers to an incorrect email address.
“We take full responsibility. We can assure you that we understand how this happened and we are making changes to ensure this does not happen again,” Ms Crisp guaranteed.