More Bad News Hits Commonwealth Bank With Customer Data Bungle

The statements reportedly contained customers’ names addresses account numbers and transaction details

The statements reportedly contained customers’ names addresses account numbers and transaction details

The Commonwealth Bank has admitted a supplier lost two magnetic tapes in 2016 containing backup data on nearly 20 million customers.

The data took the form of bank statements spanning the years 2000-2016 and was stored on two magnetic tapes that were due to be destroyed by a third-party contractor, Fuji-Xerox.

NAB chief executive Andrew Thorburn said the bank would likely be reviewing its own data processes after CBA's massive breach.

Brody said a situation like this could be worse next time because new laws on credit reporting that come into effect on July 1, 2018, will allow banks to access more of the credit history of Australians than they now have access to.

I was really surprised to learn how the bank treated customer data so carelessly in the past and can't help but feel that this is yet another PR disaster for it. Data on the tapes did include names, addresses, account numbers and transaction details.

'We take the protection of customer data very seriously and incidents like this are not acceptable, ' Mr Sullivan said.

The privacy commissioner was informed - but affected customers weren't told.

Syrian Army, Islamic State Wage Fierce Battle in South Damascus
Unrwa called for civilians to be allowed safe passage out of the area and for humanitarian groups to be given access. Global humanitarian law must be respected at all times.

CEO of CBA Matt Comyn said all of the APRA recommendations would be implemented:"We will establish a higher level of accountability and outcome for our actions and the impact we have on customers".

"Even when you are not required to make an individual notification to affected individuals, I think it will often be prudent for organisations to make some kind of public announcement that they have had an incident and [explain] how they have addressed it", Mr Leonard said. An independent probe conducted by a forensic team from accounting firm KPMG also did not provide any conclusive evidence on what happened to the tapes. Ongoing monitoring of accounts by CBA confirms customers do not need to take any action. The Commonwealth Bank insists that customer security has not been compromised as the statements did to contain customer passwords or pin numbers. It did not tell customers because "we balanced the need to alert customers without unnecessarily alarming them", he said.

The OAIC said in statement that it had chose to make "further inquiries in relation to this matter" after reading APRA's report into CBA culture, which was released earlier this week.

It said the issue was not cyber-related and there was no compromise of its technology platforms, systems, services, apps or websites and no evidence of customer harm.

CBA's announcement, which was made in a YouTube video by a senior bank executive a day after BuzzFeed Australia reported the data breach, puts further pressure on Australian banks already reeling from revelations of widespread misconduct in a judicial inquiry.

CBA also admitted to using old medical definitions in order to refuse sick customers health insurance payouts.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.