[BreachExchange] National Bank of Canada data leak: Website glitch exposes personal data of hundreds of customers

[Audrey McNeil]

http://www.ibtimes.co.uk/national-bank-canada-data-
leak-website-glitch-exposes-personal-data-hundreds-customers-1640375

National Bank of Canada said a technical glitch may have inadvertently
exposed the personal information of roughly 400 customers earlier this
week. The sixth-largest lender in the country said customers' names, dates
of birth, phone numbers and email addresses were potentially compromised in
the leak.

The Canadian bank said in a statement that the glitch was related to an
electronic form on its website that allowed a customer filling out an
online form to set up a branch appointment to potentially see the data
entered by a previous user, Reuters reports.

The National Bank said it was notified of the error earlier this week and
was resolved immediately. It also noted that the glitch was caused due to a
human error in setting up the form. The issue lasted for several days and
affected "close to 400" customers, it said.

"We were notified earlier this week of an issue related to an electronic
form used on our website. The issue was resolved immediately," National
Bank senior director Jean-François Cadieux told CBC Toronto. "No address,
Social Insurance Number or any banking information have been disclosed."

CBC Toronto reported that it was alerted by a bank customer who said he was
contacted by another individual who was able to view his data online. He
was reportedly told that the electronic form's fields were already filled
out with his information when the second customer tried to book an
appointment with the bank.

Nearly 400 customers potentially affected by the data leak are currently
being notified by the bank and have been offered free credit monitoring.
The bank also also advised customers to be vigilant against any potential
identity theft or phishing attempts for additional information.

The latest incident comes amid a spate of data leaks and breaches often
caused due to human errors, particularly in cloud-related incidents.

IBTimes UK has reached out to National Bank for comment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170922/4046e44e/attachment.html>