NAB falls foul of domain name squatter

NAB falls foul of domain name squatter

National Australia Bank accidentally sent the banking details of 65,000 customers to an email address owned by a prolific domain name squatter and porn Website owner.

The embarrassing bungle emerged in December, when the bank dispatched a bulk email involving its migrant banking customers to an address associated with Real Assets president David Weissenberg.

Weissenberg is the owner of Web domains and nab.nets, along with other salubrious adult sex domains such as supersleazy and sexpornhost.

The bulk mailing included NAB clients' name, address, email address, and in some cases, their BSB and account number. Weissenberg alerted the bank to the error.

In a statement, the bank says there is no indication that customer details have been wrongfully used: "We have been, and continue to, take action to ensure this group of migrant banking customers’ accounts are secure. Although this has been a complex process involving multiple international jurisdictions, all parties - including the email account owner - are taking this extremely seriously and NAB is working hard to resolve this matter for our migrant banking customers as soon as possible."

The incident capped a calamitous end to 2016 for the Australian bank, which aroused the fury of customers after its internet and phone banking crashed two days before Christmas.

Comments: (4)

Nick Ogden
Nick Ogden - - London 10 January, 2017, 09:551 like 1 like

The irony of this is that banks and insurance companies can register secure domains - see NAB could have already been using as their core URL and that could certainly have saved the "streuth mate, we've screwed up" moment......

A Finextra member
A Finextra member 10 January, 2017, 11:14Be the first to give this comment the thumbs up 0 likes

In paragraph 3 I think you mean "insalubrious".

Chris Cotton
Chris Cotton - STePwire - 10 January, 2017, 16:35Be the first to give this comment the thumbs up 0 likes

Surely the main point is that they should never be sending their customers' details in an unencrypted email, not that they accidentally sent it to the wrong address.

Chris Barry
Chris Barry - V2 Innovations - Raleigh 10 January, 2017, 17:26Be the first to give this comment the thumbs up 0 likes

This provides a great use case for Financial Institutions to use their own branded top level domain or as nick points out the new .bank gTLD. NAB owns .NAB and has delegated the string according to ICANN. If they had switched the e-mail domain to .NAB instead of .com this may have been avoided.