80.2K

Verified Solution

Link Copied!

On the 26th July 2019, National Australia Bank (NAB) which isthe 4th largest bank in Australia, contacted approximately 13,000customers to advise that some personal information provided whentheir account was set up was uploaded, without authorisation, tothe servers of two data service companies. NAB’s security teamshave contacted the companies, who advise that all informationprovided to them is deleted within two hours. NAB Chief DataOfficer, Glenda Crisp, said the compromised data included customername, date of birth, contact details and in some cases, agovernment-issued identification number, such as a driver’s licencenumber. “We take the privacy and the protection of customerinformation extremely seriously and I sincerely apologise toaffected customers. We take full responsibility,” she said. “Theissue was human error and in breach of NAB’s data securitypolicies.” Ms Crisp said it was not a cyber-security issue. No NABlog-in details or passwords have been compromised – and NAB’ssystems remain secure. Page | 3 Asia Pacific International CollegePty Ltd. Trading as Asia Pacific International College 55 RegentStreet, Chippendale, Sydney 2008: 02-9318 8111 PRV12007; CRICOS03048D Approved: 13/02/2019, Version 1 “Our number one priority isto support our customers. We are moving quickly to proactivelycontact every person affected.” NAB called, emailed or written toeach impacted customer individually. A dedicated, specialistsupport team was in place, available to them 24/7. If governmentidentification documents need to be reissued, NAB would cover thecost. NAB would also cover the cost of independent, enhanced frauddetection identification services for affected customers.Importantly there is no evidence to indicate that any of theinformation has been copied or further disclosed. NAB is advisingimpacted customers that they do not need to take any action withtheir account. “We have reviewed these customers’ accounts, overand above our rigorous normal checks, and have not identified anyunusual activity. We will continue to monitor 24/7 to protect ourcustomers’ accounts,” Ms Crisp said. NAB also notified and wasworking with industry regulators, including the Office of theAustralian Information Commissioner. Ms Crisp said: “We take fullresponsibility. We can assure you that we understand how thishappened and we are making changes to ensure this does not happenagain.” On further development, NAB CEO admitted that it isdifficult to invest huge amount of money in information securitycompared to the industry leaders like Microsoft, Google, Amazon.His opinion was to leverage on the infrastructure created by thesecompanies i.e. through cloud computing

1.Overview of the addressed problem

2.Describe common security issues that an auditor needs toinvestigate

3.Describe NAB’s response to the data breach.

4.Propose information security measures NAB should adopt.

5.Describe the role of cloud computing in informationsecurity.