CBA scrambles to tell customers of huge data loss

CommBank admits to losing data of around 20 million customer accounts.

CBA now scrambles to tell customers of huge data loss

In a time when banks are already considered untrustworthy, one of Australia’s leading banks has admitted it lost almost 20 million accounts when back up data storage tapes went missing in 2016.

The Commonwealth Bank issued a statement admitting the loss of 15 years of financial data for millions of customers, claiming that there is no evidence of this information being compromised or any resulting suspicious activity.

"The tapes did not contain PINs, passwords or other data that could enable account fraud," said CBA's acting group executive for retail banking services, Angus Sullivan.

However, they did contain historical customer statements, including customer names, addresses, account numbers and transaction details dating from 2000 to early 2016.

The magnetic tapes in question were scheduled to be destroyed but went missing when left unattended by the person responsible for the disposal. After evidence of disposal could not be produced, bank personnel searched for them with no luck.

Rather than go public, CommBank concluded that the tapes were “most likely destroyed” and, although regulators were informed, the bank decided it wasn’t necessary to inform customers about the breach.

After an article was published on BuzzFeed on Wednesday, the bank changed its tack and, with a YouTube video, immediately sought to assure customers their data was not compromised.

“We take the protection of customer data very seriously and incidents like this are not acceptable,” said Mr Sullivan.

“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.

“CBA also commissioned an independent forensic investigation by KPMG to help us identify steps we could take to avoid similar incidents in the future.

“We also heightened the ongoing monitoring of accounts, to ensure we can promptly detect any suspicious activity related to this data.

“Importantly, the investigation found no evidence that customers’ data had been compromised or accessed by third parties.”

According to the BuzzFeed report, the bank notified both the Australian Prudential Regulations Authority and the Office of the Australian Information Commissioner (OAIC) in 2016 of the data loss. “The OAIC replied several days later informing the bank that no further action would be taken,” the report said.

The OAIC has now decided to make further inquiries about the matter.

CommBank is already embroiled in scandals related to alleged rigging of interest rates, money laundering and unscrupulous behaviour.

Customers seeking information about the data breach should call 1800 316 433.

What do you think of the bank’s decision not to inform its customers of this breach? Do you trust your bank? Do you believe that your data is safe?



    To make a comment, please register or login
    3rd May 2018
    They, probably, didn't tell customers because, that:
    1) would have started a stampede of withdrawals and closure of bank accounts
    2) shares would have tumbled

    "The magnetic tapes in question were scheduled to be destroyed but went missing when left unattended by the person responsible for the disposal"
    -Lest we suspect that the tapes were stolen and may be used in the future.

    “However, they did contain historical customer statements, including customer names, addresses, account numbers and transaction details dating from 2000 to early 2016."
    -While the names and addresses could be used for sale as a list for marketing, there is the greater danger that the thieves or 3rd party thieves may be able to identify wealthy client’s addresses and plan home robberies.
    -The programming codes on the tapes, if identified by the thieves, may be used to attack the wealthy customer accounts and / or the bank's own treasury, in the future.

    It's a sharp sword that CBA and others like them have fallen on.
    3rd May 2018
    Thieves don't need to take all that trouble, HS, just see how many folk post on Facebook that they are away from home and for how long.
    3rd May 2018
    "How are the mighty fallen" - "The bigger they are the harder they fall".

    "CommBank concluded that the tapes were “most likely destroyed” - well they would say that wouldn't they. A more pertinent question using their analogy might well be - how many positions within the banking industry will 'most likely (be) destroyed' ?
    3rd May 2018
    What a bunch of paternalistic, patronising morons this CBA is.
    They've got the hide to tell us what is best for us by not telling us about their stuff-ups which they are too embarrassed to tell us about, for fear they will get the sharp end of the stick.
    4th May 2018
    This is all part of the same Culture & Governance issues which are at the root of the problem as for other issues exposed at the RC.

    Note that this stuff-up would be at the Retail Banking area where such customer accounts reside. That is the same area where the issue of ATMs allowing large deposits without reporting (alleged to be used for money laundering) occurred. Guess who was Head of that Retail Banking area - the newly promoted CEO Matt Comyn! A promotion for overseeing the main disasters!!!!!

    Also, yet another Govt agency, OAIC, now confirmed proven to have turned a blind eye (actually after being informed) to such pathetic management failures. ASIC, APRA and OAIC people involved with monitoring these Banks need to be sacked!
    3rd May 2018
    what a waste of time! Old data. Who would find these tapes and know what to do with them? Who would have the large, expensive complicated equipment to read them?
    Storm in a teacup.
    3rd May 2018
    Storm indeed. Who indeed. That the tapes are inexplicably missing might suggest that in this highly technically sophisticated age there may well in fact exist a party or parties familiar with and suitably equipped to do whatever they please.

    Time for a cuppa.
    3rd May 2018
    Are you serious greenie?
    These are backup files father, grandfather tape backups that were scheduled for destruction because of their sensitive nature.
    Old Geezer
    3rd May 2018
    I agree greenie. The crims already have much more on people than was in those tapes anyway.

    I had a possible breach of one of my bank accounts so I rang the bank and they checked everything out for me. What worried me was that if one gives them their customer id which is on the back of any credit or debits cards you have they are able to send you a message on your mobile. I had used a mobile number that is only used for very sensitive transactions and they were able to send a message to that number. Therefore they must of had my bank details to get that number.

    While on the subject of scams. Be aware your number plates are being copied and used on cars similar to yours. So if you get a fine or toll charge that makes no sense immediately contact the police for a police report. This police report can then be used to dispute the fine or charge. According to the NRMA there is nothing one can do to protect themselves as the crims just look for a car the same as theirs and copy your number plate.
    5th May 2018
    Your comment about number plates interests me, OG. About 8 years ago we got a notice to pay a toll and they claimed to have a photo of our car going west out of Melbourne, over 600km from where we could prove, with purchase receipts, we were at the time. There was also a major inconsistency with the photo, which we uncovered by asking questions about the vehicle (they refused to show us the photo but said it would be produced in court). Eventually, the company dropped their demand. We blamed the company, but it may have been crims who made a number plate like ours.
    3rd May 2018
    Once you put your money in the bank it is no longer yours...the banks can use it to prop themselves up...and you only have $250 insurance per person,, if lucky
    3rd May 2018
    OMG. If this doesn't cause a run on the bank.....
    They should have issued everyone with new account numbers and cards immediately because I know if I lost my credit card that's exactly what I would do and this is so much worse.
    Old Geezer
    3rd May 2018
    Rubbish the crims already have more information that that about you.
    3rd May 2018
    Of course all our savings are at risk the gvt I snuck in the bail in laws 14/2/18 they can legally take our saving if there's a financial crises it was all hush hush
    3rd May 2018
    ray @ Bondi
    3rd May 2018
    I did not know that is there something I can look for on the net too back it up, it looks like another interesting thing to post around the place once it is verified.
    ray @ Bondi
    3rd May 2018
    trust banks, I have not for many years once deregulation set in, at one time the business model was looking after the customer, now it is how to extract the most from the customer buy gouging everything.
    3rd May 2018
    Berthold Brecht to Ned Kelly: "Why rob a bank when you can start one?"
    Old Geezer
    3rd May 2018
    Nothing is lost just a couple of tapes with your details which the crims all ready have so why worry.

    You May Like