Monday, 15 October 2018
Latest news
Main » CBA loses 12 million records, doesn't tell customers

CBA loses 12 million records, doesn't tell customers

03 May 2018

The loss itself occured in 2016 when a subcontractor (Fuki Xerox) seemingly misplaced the data stored on tape drives. The tapes contained customer names, addresses, account numbers and transaction details from 2000 to early 2016.

Commonwealth Bank of Australia said in a statement it had failed to track down two magnetic tapes on which the information was recorded and which had been set aside for destruction in May 2016.

CBA's acting Group Executive, Retail Banking Services, Angus Sullivan accepted responsibility on YouTube after BuzzFeed Australia broke the story on Wednesday. Others suggest that a person tasked with destroying the tapes might have left them unattended. We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred.

In relation to this fresh privacy scandal, CBA said on Thursday "no evidence was found of any customer information being compromised, and over the past two years there has been no evidence of customer harm or suspicious account activity".

The tapes were due to be disposed of, but CBA could not confirm they were securely destroyed, Sullivan said.

Customers of Commonwealth Bank in Australia are receiving messages about major data loss at the financial institution.

Air National Guard C-130 carrying 9 involved in deadly crash
It was flying from the coastal city of Savannah, Georgia to Tucson, Arizona, where it was to be decommissioned. The Savannah Professional Firefighters Association said it was a C-130 airplane, a military cargo aircraft.

The OAIC is now seeking more assurances from the bank and a statement was released by the organization in this regard.The Office of the Australian Information Commissioner (OAIC) is now seeking more assurances from the bank that it has learnt from the massive data breach. There have been numerous reports of counterfeit credit cards and identities from CBA-owned BankWest available for sale on the dark web, and staff members were sacked from the WA bank in 2014 for selling documents. The tapes did not contain passwords, PINs or other data which could be used to enable account fraud. It did not tell customers because "we balanced the need to alert customers without unnecessarily alarming them", he said.

"Even when you are not required to make an individual notification to affected individuals, I think it will often be prudent for organisations to make some kind of public announcement that they have had an incident and [explain] how they have addressed it", Mr Leonard said.

Buzzfeed has since claimed the OAIC is now making further inquiries, following a report by the banking regulator that slammed the bank for its "widespread sense of complacency".

The bank believes the data was most likely destroyed but can not confirm that is the case.

Commenting on the incident, the Australian Prudential Regulation Authority said that community trust in CBA had been "badly eroded" and the bank had "fallen from grace".

However, Mr Sullivan said the OAIC contacted the bank this week seeking more information about the possible breach.

CBA loses 12 million records, doesn't tell customers