Australian bank lost data of 20mn accounts

Adjust Comment Print

The Commonwealth Bank has admitted a supplier lost two magnetic tapes in 2016 containing backup data on nearly 20 million customers.

Commonwealth Bank today confirmed that there was no evidence of customer information being compromised or suspicious activity following an incident in 2016.

The bank informed its regulators and launched an internal investigation which found the tapes had "most likely been disposed of", Sullivan said.

However, Buzzfeed News reports that one of the possible scenarios investigated by KPMG was that the tapes fell off the back of a truck when they were being transported to be destroyed. Teams retraced the route of a bank subcontractor's vehicle to look for the backup drives but couldn't find any trace of them, BuzzFeed reported.

However, the bank ultimately decided not to inform its customers about the massive data loss.

If you're with Commonwealth Bank, sorry dude - it turns out the bank actually lost its data on 12 million customers two years ago, and didn't bother to tell you.

The Commonwealth Bank's acting head of retail, Angus Sullivan, defended the decision not to tell customers in an interview with the ABC's AM program.

Anna Johnston, director of privacy consultancy Salinger Privacy and a former NSW deputy privacy commissioner, said if there were a push to get all organisations to disclose every breach, we'd end up with "data breach fatigue", where people begin to ignore notifications due to the sheer volume being sent, no matter how important the breach.

Ronny Jackson will not return as Trump's physician
Jackson has denied the allegations, as have the White House and Secret Service. "Tester should resign", Trump tweeted on Saturday. Jackson, who withdrew as Trump's VA pick last week, will remain on the staff of the White House medical unit, the official added.

While the bank does not comment on individual cases, it has said it immediately put mechanisms in place to protect customers after the 2016 data loss.

"We concluded, given the results of the investigation, that we would not alert customers.We take the protection of customer data very seriously and incidents like this are not acceptable".

Australia's top financial regulator APRA released an excoriating report on CBA this week slamming a "widespread sense of complacency" at the bank, with Australia's Treasurer Scott Morrison saying he expected top executives at CBA would step down.

The statements did include customer names, addresses, account numbers and transaction history.

The Australian Prudential Regulation Authority said on Tuesday that community trust in Australia's banks had been "badly eroded" and CBA had failed to meet expectations and "fallen from grace".

The tapes contained customer names, addresses, account numbers and transaction details, but not passwords or PINs "that could be used to enable account fraud", according to a statement from the bank.

The bank said it had also ordered an independent investigation.

It said the issue was not cyber-related and there was no compromise of its technology platforms, systems, services, apps or websites and no evidence of customer harm.