NAB falls foul of domain name squatter

National Australia Bank accidentally sent the banking details of 65,000 customers to an email address owned by a prolific domain name squatter and porn Website owner.

  4 4 comments

NAB falls foul of domain name squatter

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The embarrassing bungle emerged in December, when the bank dispatched a bulk email involving its migrant banking customers to an address associated with Real Assets president David Weissenberg.

Weissenberg is the owner of Web domains nab.com and nab.nets, along with other salubrious adult sex domains such as supersleazy and sexpornhost.

The bulk mailing included NAB clients' name, address, email address, and in some cases, their BSB and account number. Weissenberg alerted the bank to the error.

In a statement, the bank says there is no indication that customer details have been wrongfully used: "We have been, and continue to, take action to ensure this group of migrant banking customers’ accounts are secure. Although this has been a complex process involving multiple international jurisdictions, all parties - including the email account owner - are taking this extremely seriously and NAB is working hard to resolve this matter for our migrant banking customers as soon as possible."

The incident capped a calamitous end to 2016 for the Australian bank, which aroused the fury of customers after its internet and phone banking crashed two days before Christmas.

Sponsored [Webinar] PREDICT 2025: The Future of AI in the US

Comments: (4)

Nick Ogden

Nick Ogden Chairman at Ogden Research

The irony of this is that banks and insurance companies can register secure domains - see https://www.ftld.com/ NAB could have already been using nab.bank as their core URL and that could certainly have saved the "streuth mate, we've screwed up" moment......

A Finextra member 

In paragraph 3 I think you mean "insalubrious".

Chris Cotton

Chris Cotton Director at STePwire

Surely the main point is that they should never be sending their customers' details in an unencrypted email, not that they accidentally sent it to the wrong address.

Chris Barry

Chris Barry Managing Director at V2 Innovations

This provides a great use case for Financial Institutions to use their own branded top level domain or as nick points out the new .bank gTLD. NAB owns .NAB and has delegated the string according to ICANN. If they had switched the e-mail domain to .NAB instead of .com this may have been avoided. 

[Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the futureFinextra Promoted[Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future