Legal teams within financial services companies may want to be wary of their employer’s cyber security measures, following a major data breach occurring at National Australia Bank (NAB) which compromised the information of approximately 13,000 customers.
According to Lawyers Weekly's sister publication MyBusiness, NAB has begun advising approximately 13,000 customers that some of their personal information provided when their account was first set up has been uploaded, without authorisation, to the servers of two data service companies.
The compromised data included customer name, date of birth, contact details and, in some cases, a government-issued identification number, such as a driver’s licence number.
However, the major bank has stated that its security teams contacted the companies involved, following which NAB was informed that the information was deleted within two hours.
NAB chief data officer Glenda Crisp commented: “We take the privacy and the protection of customer information extremely seriously and I sincerely apologise to affected customers.
“We take full responsibility.
“The issue was human error and in breach of NAB’s data security policies.”
The incident comes after Fergus Hanson, head of the International Cyber Policy Centre, dispelled the idea that cyber security should be left in the hands of a business’ IT department, saying everyone has a role to play in ensuring it’s properly safeguarded.
“You say the words ‘cyber security’ and people automatically flip a switch and think ‘well that’s not my problem at all’,” Mr Hanson said.
“As a cyber security person I just don’t abide by the argument that cyber security is the IT guy’s problem. In fact, it is the opposite. It’s everyone’s problem."