National Australia Bank Suffers Data Breach Caused By Human Error

By   ISBuzz Team
Writer , Information Security Buzz | Jul 29, 2019 02:58 am PST

According to this link, https://www.9news.com.au/national/nab-data-breach-privacy-human-error-australia-bank-news/881315dd-078f-4263-ba3b-c169771adc56, National Australia Bank Ltd says 13,000 customers are being contacted after a breach where personal data was uploaded without permission to two data service companies.  

  • The breach resulted from human error 
  • The data uploaded included customer names, date of birth, contact details and in some cases, government identity numbers 
  • The data service companies told NAB that information they receive is deleted within two hours however affected customers are still due to hear from the bank within the coming days 
Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
July 29, 2019 12:44 pm

This breach illustrates that regardless of the number of technical controls in place, their effectiveness can be eradicated by human error.

This is why security controls should factor in accidents or insider threats. Additionally, educating and training users on security and privacy issues and best practices when it comes to handling sensitive data is of utmost importance. Otherwise, we can expect to continue to see breaches which could have otherwise been prevented.

Last edited 4 years ago by Javvad Malik
Peter Draper
Peter Draper , Technical Director, EMEA
July 29, 2019 12:40 pm

Although NAB stated this was not a cyber security event but human error it still impacts the privacy and protection of customer information. Normal cyber security controls would have little impact on these types of issues. DLP policies could now be tightened, however this is just “closing the stable door after the horse has bolted”. The only way to quickly identify and block this sort of data breach (classified as a breach as it breaches NAB policies) would be using behaviour analytics to identify the anomalous behaviour and use automation and orchestration to automatically block the transactions or traffic flow.

Last edited 4 years ago by Peter Draper

Recent Posts

2
0
Would love your thoughts, please comment.x
()
x