National Australia Bank will pay you to break its systems

The red and black bank has launched a cyber bug bounty program in partnership with Bugcrowd.
Written by Asha Barbaschow, Contributor

The National Australia Bank (NAB) has launched a bug bounty program, offering a reward to security researchers who uncover previously undisclosed vulnerabilities in the bank's environment.

The bank has partnered with crowdsourced security firm Bugcrowd for the new program. To participate, individuals must have an "Elite Trust Score" on the Bugcrowd platform.

NAB executive of enterprise security Nick McKenzie said using "controlled crowdsourcing" methods would assist NAB to further test and strengthen its existing cybersecurity capabilities.

"Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed," McKenzie said.

"Proactive cybersecurity measures are vital in today's hyperconnected environment where new threats are constantly emerging."

McKenzie said moving to a paid bounty system gives NAB the opportunity to "attract a wider pool of ethically-trained security researchers from across the globe".

"Diversity is a critical yet often overlooked factor in security and controls strategies," he added.

NAB in July last year admitted that some personal information on approximately 13,000 customers was uploaded, without authorisation, to the servers of two data service companies.

The compromised data included customer name, date of birth, contact details, and in some cases, a government-issued identification number, such as a driver's licence number.

NAB in early 2017 also admitted it sent the details of approximately 60,000 customers to an email address on a global domain rather than its .au address.

It is understood customer information was sent in error to an nab.com address rather than an email address on the nab.com.au domain.

Meanwhile, Bugcrowd in April raised another $30 million in its Series D round, bringing its total funding to over $80 million.

The company is based in San Francisco.

