NAB has revealed that it terminated the contract of a technology staffer that ran thousands of customers’ details through tools offered by a pair of data service companies back in mid-2019.
The data breach, disclosed on a Friday evening in July 2019, saw the personal details of 13,000 customers - later revised down to 11,500 - uploaded to the online data services in an analytics exercise gone wrong.
In new details about the breach revealed last week, NAB said “the unauthorised upload was detected and triggered alerts in NAB systems, and an investigation into the event was immediately commenced.”
“The unauthorised upload was the action of one of NAB’s technology personnel,” the bank said.
“The action was in breach of their training and various NAB policies including those related to data security and the prohibition of transfers of NAB data to unauthorised third parties.”
NAB went on to say it ultimately terminated the staffer’s employment.
“An assessment of the employee’s conduct in breach of their training and NAB policies was conducted,” it said.
“After conducting a procedurally fair process, the individual’s employment contract was terminated.”
It's still unclear what specific use case the staffer was trying to fulfil. NAB would only say that “the data was uploaded in order to make use of a simple data tool.”
The bank reportedly shelled out $686,878 in compensation to impacted customers, the Australian Financial Review reported.
iTnews was unable to verify this figure at the time of publication, because the document containing the information was uploaded incorrectly at its source.