In a demonstration of the significant impact human errors can have on data security, NAB admitted to incorrectly forwarding the personal details of 60,000 customers to the owner of various adult websites.
First revealed by the bank last month, customers who established bank accounts via NAB's migrant banking team before migrating to Australia had their private details compromised when an electronic mail-out went wrong.
Emails confirming customer account details were accidentally sent to an incorrect email address which media reports reveal belongs to the owner of a number of domain names hosting adult content. The emails included customer names, addresses, email contact details, account details and in some cases NAB identification numbers, though no passwords were disclosed.
It is believed the error occurred as a result of the email address owner also owning the domain names www.nab.com and www.nab.net, one of which hosts a dating site.
In a statement made on 16 December 2016, NAB executive general manager, international branches Peter Coad said: "We take the privacy and the protection of our customers' personal information extremely seriously. We also take full responsibility and we sincerely apologise to our customers for this mistake. The error was caused by human error and identified following our own internal checks and as soon as we realised what had happened we took action."
Coad said NAB was reaching out to all 60,000 customers thought to be implicated, as well as having notified the Office of the Australian Information Commissioner and ASIC. He added that about 40% of the customers affected have either closed or not used their account in the past year, and a further 19,000 of the accounts have a balance of less than $2.
According to a further statement released yesterday, the email address the details were sent to is no longer in use and customer details have not been wrongfully used, with no unusual activity detected across any of the banking accounts involved.
"Although this has been a complex process involving multiple international jurisdictions, all parties - including the email account owner - are taking this extremely seriously and NAB is working hard to resolve this matter for our migrant banking customers as soon as possible," Coad said.
He added the bank is working hard toward improving and strengthening processes to ensure this doesn't happen again.