NAB repays customers $688k for data breach – The Australian Financial Review


“At the time of the event, there were insufficient technical controls in place to prevent transfers of this nature. NAB has uplifted these controls to prevent a similar event occurring in the future,” NAB said in a statement.

Among the new controls the bank introduced were the blocking of certain websites and closer email monitoring of staff and contractors.

Once the breach was identified, the bank instructed the websites to delete the data within two hours. NAB informed the Australian Cyber Security Centre and the Office of the Australian Information Commissioner and hired three cyber-intelligence experts, the names and cost of which remain unknown.

NAB says the information was uploaded to two websites “offering simple data ordering tools” by the employee in breach of their training. The breach was picked up by the bank and an investigation commenced immediately.

“An assessment of the employee’s conduct in breach of their training and NAB policies was conducted. After conducting a procedurally fair process, the individual’s employment contract was terminated,” the bank said.

The bank said its cyber team and the three consultants investigated the third-party company and individuals connected with it; however, “no evidence connecting these websites to data harvesting, cyber-hacking or other nefarious activity was identified”.

One-off payment offered

The bank offered customers who were concerned about the breach a one-off payment equivalent to a 12-month subscription to a digital identity protection service run by Equifax.

It would later stop making cash payments under an “honour system” and instead give customers unique codes to the Equifax product in order to better track activity.

“NAB had responded to 2172 unique customer requests-complaints, issuing a total of $686,878 in payments, which includes costs associated with the reissuance of government identification documents and the cost of independent, enhanced fraud detection,” the bank said.

In the days and weeks that followed, NAB sent out several internal communications to staff about the importance of the bank’s data policies, implemented “terminal blocks” to stop the unauthorised transfer of data and ramped up surveillance of its own staff and contractors.

“NAB lawfully and appropriately monitors employee and contractor access and use of NAB’s systems,” the bank said.

“Additional controls have been implemented, including blocking access to websites to prevent unauthorised uploads of this nature and blocking email externally in certain circumstances. NAB has also increased monitoring on these channels. Mandatory training and awareness regarding data security is ongoing.”
