The National Australia Bank (NAB) fired an IT worker who was responsible for a data breach in 2019 that affected 13,000 customers.
Customer names, date of birth, contact information and government-issued ID numbers were all uploaded to a pair of third-party data companies, causing NAB to front up nearly $687,000 to cover the cost of fraud detection and re-issued IDs.
Responding to questions on notice from its appearance in front of a senate economics committee last week, NAB said one of its technology staff made the “unauthorised upload”.
“The action was in breach of their training and various NAB policies including those related to data security and the prohibition of transfers of NAB data to unauthorised third parties,” NAB said.
Following the incident, NAB assessed the employee’s “conduct” and after what it called “a procedurally fair process” terminated their contract.
Since then, the bank said it has put in “technical blocks” to stop large uploads of customers’ personal data from happening in the future and it improved staff awareness through training.
NAB said it is keeping a closer eye on employees to make sure they don’t cause another data breach.
“NAB lawfully and appropriately monitors employee and contractor access and use of NAB’s system,” it said.
“NAB has uplifted technical controls to prevent similar transfers/uploads of NAB data to unauthorised recipients in the future.
“Additional controls have been implemented including blocking access to websites to prevent unauthorised uploads of this nature and blocking email externally in certain circumstances.
“NAB has also increased monitoring on these channels”
Speaking at last Friday’s senate review into the major four banks, NAB CEO Ross McEwan said data security was becoming more of a priority for the bank as the number of cyber attacks continues to increase.
“The attacks are very large in number,” he said.
“We are spending a considerable amount of money on the bank – well over $320 million now for the last three years – to get ourselves in a position where these attacks are not coming into the bank and, where they are, we can defend against them very strongly.”
The bank said it was knocking back around 100 million cyber attacks each month and, in response to a question on notice, said it has 200 employees in the bank’s cyber security team.
Last August, NAB said it was preparing to cut at least 100 IT jobs during a restructure.