CBA secretly loses 20 million accounts

Via the ABC:

The Commonwealth Bank has confirmed it lost the historical financial statements of almost 20 million accounts, but insists its customers’ information has not been compromised.

The statements, containing customers’ names, addresses, account numbers and transaction details from 2000 to 2016, were stored on two magnetic tapes which were lost by sub-contractor Fuji-Xerox last year.

When the bank became aware of the incident, it said, it ordered an independent “forensic” investigation to figure out what had happened and informed the Office of the Australian Information Commissioner (OAIC).

The inquiry, conducted by KPMG, determined the tapes had most likely been disposed of.

Commonwealth Bank’s Angus Sullivan described the incident as “unacceptable” but said the tapes did not contain any passwords or PINs that could compromise customers’ accounts.

“The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion.”

As a precaution, the bank said it has been monitoring the 19.8 million accounts involved and had so far found “no evidence of customer harm or suspicious account activity”.

But the bank never alerted its customers to the potentially-massive privacy breach and has only gone public after BuzzFeed News broke the story.

Mr Sullivan has defended the bank’s decision, saying it had discussed the matter with the OAIC which told the bank it did not intend to take any further action.

However, Mr Sullivan said the OAIC contacted the bank this week seeking more information about the possible breach.

So your account details are “most likely” not in a scammer’s database in Nigeria.

And when it rains it pours, from Banking Day:

A Commonwealth Bank subsidiary last night swung into damage control after confirming that a data breach compromised the personal email addresses of its customers, which included staff employed at the Reserve Bank.

The bungle is set to be the first privacy breach at a local bank to be reported to the Office of the Information and Privacy Commissioner under a mandatory disclosure regime introduced in February.

CBA’s Beem instant payments platform inadvertently revealed the email addresses of thousands of customers on Tuesday at the same time as the Australian Prudential Regulation Authority released damaging findings from an independent inquiry into operational risk failures across the bank’s operations.

Just add it to the list:

  • predatory lending;
  • poor risk controls;
  • fraudulent insurance;
  • fraudulent financial advice;
  • charging fees to dead people;
  • manipulating BBSW;
  • manipulating forex;
  • money laundering for mafia and terrorists, and
  • failing to report shit to regulators.

Time for a CBA acronym competition…

…corrupt, bastard, arsehole…

About the author
David Llewellyn-Smith is Chief Strategist at the MB Fund and MB Super. David is the founding publisher and editor of MacroBusiness and was the founding publisher and global economy editor of The Diplomat, the Asia Pacific’s leading geo-politics and economics portal. He is also a former gold trader and economic commentator at The Sydney Morning Herald, The Age, the ABC and Business Spectator. He is the co-author of The Great Crash of 2008 with Ross Garnaut and was the editor of the second Garnaut Climate Change Review.