Howdy folks,
long story short, I've just received a letter of excuses where NAB informs me that "my name, address, email address as well as my BSB and account number was sent in error to incorrect email addresses".
NAB also reassures me "that they are working hard to make sure it doesn't happen again".
What should I do?
Is it actually dangerous?
Legal repercussions?
Cheers
Heard about this in the media. NAB claim it isn't a big deal, but they would say that.
My understanding is there is very little you can do in terms of legal redress or other penalties.
If it were me, I would lodge a complaint at:
http://www.ipc.nsw.gov.au/
And ask that the leak was investigated.
I would also suggest you ask NAB to pay for the Identity Watch service here:
https://www.veda.com.au/
for the next 24 months. That will help give you a heads up if someone is trying to exploit your details.
On the bright side, the law is so weak in these areas that NAB was not even required to notify you, so at least it looks like they are trying to do the right thing and deal with it appropriately.
For the record, I think the chances of you being compromised are very low, and I think they have likely contained the leak so your details won't end up with somebody bad.
If the people that received your information did something damaging with it, you could take NAB to court. Otherwise all you can really do is move to another bank if you are not happy with how they handle it. You could use it as leverage on a better rate if you have a home loan or waive your CC fee or something, but they have no obligation.
The bank said the mistake only affected accounts set up by its migrant banking team for clients who were residing outside Australia at the time.
"Approximately 40 per cent of these customers have either closed or have not used their account this year," NAB said.
"Furthermore, 19,000 of these accounts have a balance of less than $2."
This has an interesting legal aside. Only a single email address received all the 60,000 records involved. The email address that received the records is a gmail one, and Google due to privacy won't reveal who owns the email address. So not too much to worry about here if only a single email was involved.
http://www.afr.com/business/banking-and-finance/financial-se…
absolute negligence that the transmitted data was not encrypted, regardless of whom they sent it to
I don't think you have much redress as an individual in reaction. Maybe there will be a class action from MB or S&G but it probably isn't big enough to interest them.
Sony got hacked a while ago and came to some deal with users for about $50 credit/gifts.
You might have increased risk of identity fraud, so keep all documentation about this incident to blame NAB and change your bank account number as a precaution.
I think the question should be "What CAN I do?"
There really isn't that much except to close and reopen your account if you're really worried.
The information isn't sensitive in that there were no passwords or anything and it is unlikely that you'll be targetted by scammers based on them having that information. The information leaked is no different to the information we'd provide for direct debits or information that a seller would provide a buyer for a direct deposit situation.
The BSB and account number is not very valuable to a scammer (especially when compared to a credit card number).
Legally, it's definitely not legal to send your details to someone else. But these things happen from time to time and it won't be limited to just banks.
The error that occurred seems to a be one-off incident due to "fat fingers" rather than a systematic issue so it's not something that's easily preventable given that people make mistakes. At worst, they'll just need to show the regulators and they have processes to avoid similar situations in future (and compensation for any losses as a result - if there are even any losses).
thanks heaps!!!
This was in the news last week. What do you want them to do?