[BreachExchange] Email NAB accidentally sends 60, 000 overseas customers' banking details to wrong email

[Audrey McNeil]

http://www.abc.net.au/news/2016-12-16/nab-accidentally-
sends-60000-overseas-banking-details/8127794

National Australia Bank (NAB) has accidentally sent the account details
belonging to 60,000 overseas customers to an incorrect email address.

NAB wrote to all the account holders involved, telling them the emails
included information such as their name, address, email, BSB and account
numbers, but it did not include any passwords.

The bank said the mistake only affected accounts set up by its migrant
banking team for clients who were residing outside Australia at the time.

In a statement, NAB said the mistake was caused by human error, and would
not impact accounts set up in Australia.

"We take the privacy and the protection of our customers' personal
information extremely seriously," the bank said.

"We also take full responsibility and we sincerely apologise to our
customers for this mistake."

It said a review of all the accounts has not identified any unusual
activity, but they would continue to be monitored.

"Approximately 40 per cent of these customers have either closed or have
not used their account this year," NAB said.

"Furthermore, 19,000 of these accounts have a balance of less than $2."

The bank said it was working with industry regulators, and had notified the
Office of the Australian Information Commissioner and ASIC about the
privacy breach.

NAB has taken Google to court in the US over the matter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161216/d8ef8069/attachment.html>