Massive data leak exposes the details of countless customers

A massive data breach has exposed the sensitive medical details of countless bank insurance customers.

CommBank has admitted that medical data held by its insurance arm, CommInsure, was accessible to staff members, such as those making decisions on loan applications, with potential for the data to be misused. 

CommBank is investigating the potential breach but has not yet found any evidence of data being “accessed inappropriately” by employees or of information being accessed outside of its insurance arm.

The breach was discovered in late July 2018 when the bank was preparing for the $3.8 billion sale of CommInsure to the Hong Kong-listed AIA life insurance group.

The bank said it felt compelled to inform the Office of the Australian Information Commissioner, the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) of the breach.

The bank was obliged to inform customers if “there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information that an entity holds”, and that “this is likely to result in serious harm to one or more individuals”. Although CommBank told its customers it did not believe a privacy breach had occurred, it would not clarify how many people might be affected.

“We understand that some customers will be concerned about this shared internal access and we are taking steps to ensure access to all sensitive information associated with CommInsure is provided on a need to know basis,” said a CommBank spokesperson.

Regardless of the bank’s opinion of the extent of the breach, one privacy expert said the onus was on the bank to inform all of its customers of the potential for their information to be abused.

“It’s arguable that making health information accessible to unauthorised recipients is a notifiable breach and that, if it isn’t, I don’t think that’s consistent with community expectations,” said University of New South Wales data privacy expert Katharine Kemp.

“Whether or not CBA can rely on its interpretation as a matter of law, the community has a reasonable expectation that it would be notified of such a failure in CBA’s governance controls, especially given the sensitive nature of health information.

“Consent is very important here because it goes to the customer’s reasonable expectation about what is going to happen with their information,” said Dr Kemp.

CommBank’s culture had been called into question in the banking royal commission, after a number of scandals within the organisation were exposed, including questionable financial advice, rate manipulation and accusations of money laundering by organised crime groups.

It seems we may potentially be able to add questionable use of customer data to the list.

Speaking to Leigh Sales on the 7.30 Report, former CommBank employee turned whistleblower Jeff Morris said the bank’s culture of pressuring staff to meet targets sometimes involved accessing customer information to identify potentially vulnerable people who may have been more susceptible to certain sales approaches.

“This is just a symptom of the greed, and the focus on profits, and the bonuses and everything that’s come out in the royal commission,” said Mr Morris.

“This sort of breach of people’s privacy is exactly what you would expect.”

Mr Morris said, though, that the potential disclosure of private medical information might not be unlawful.

“Whether or not it’s a breach of the Privacy Act, it’s certainly an ethical breach, and that sort of thing was just an everyday event at CBA,” said Mr Morris.

However, he still says customers have the right to be concerned about the potential misuse of their medical information.

“It may have been used to identify someone for a certain sort of product, but at this stage we don’t know,” said Mr Morris.

“We may never know.”


Are you a CommBank customer? Are you surprised by this latest example of potentially unethical behaviour?



Written by Leon Della Bosca
