3rd May 2018
FONT SIZE: A+ A-
CBA scrambles to tell customers of huge data loss
CBA now scrambles to tell customers of huge data loss

In a time when banks are already considered untrustworthy, one of Australia’s leading banks has admitted it lost almost 20 million accounts when back up data storage tapes went missing in 2016.

The Commonwealth Bank issued a statement admitting the loss of 15 years of financial data for millions of customers, claiming that there is no evidence of this information being compromised or any resulting suspicious activity.

"The tapes did not contain PINs, passwords or other data that could enable account fraud," said CBA's acting group executive for retail banking services, Angus Sullivan.

However, they did contain historical customer statements, including customer names, addresses, account numbers and transaction details dating from 2000 to early 2016.

The magnetic tapes in question were scheduled to be destroyed but went missing when left unattended by the person responsible for the disposal. After evidence of disposal could not be produced, bank personnel searched for them with no luck.

Rather than go public, CommBank concluded that the tapes were “most likely destroyed” and, although regulators were informed, the bank decided it wasn’t necessary to inform customers about the breach.

After an article was published on BuzzFeed on Wednesday, the bank changed its tack and, with a YouTube video, immediately sought to assure customers their data was not compromised.

“We take the protection of customer data very seriously and incidents like this are not acceptable,” said Mr Sullivan.

“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.

“CBA also commissioned an independent forensic investigation by KPMG to help us identify steps we could take to avoid similar incidents in the future.

“We also heightened the ongoing monitoring of accounts, to ensure we can promptly detect any suspicious activity related to this data.

“Importantly, the investigation found no evidence that customers’ data had been compromised or accessed by third parties.”

According to the BuzzFeed report, the bank notified both the Australian Prudential Regulations Authority and the Office of the Australian Information Commissioner (OAIC) in 2016 of the data loss. “The OAIC replied several days later informing the bank that no further action would be taken,” the report said.

The OAIC has now decided to make further inquiries about the matter.

CommBank is already embroiled in scandals related to alleged rigging of interest rates, money laundering and unscrupulous behaviour.

Customers seeking information about the data breach should call 1800 316 433.

What do you think of the bank’s decision not to inform its customers of this breach? Do you trust your bank? Do you believe that your data is safe?

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    HarrysOpinion
    3rd May 2018
    10:34am
    They, probably, didn't tell customers because, that:
    1) would have started a stampede of withdrawals and closure of bank accounts
    2) shares would have tumbled

    "The magnetic tapes in question were scheduled to be destroyed but went missing when left unattended by the person responsible for the disposal"
    -Lest we suspect that the tapes were stolen and may be used in the future.

    “However, they did contain historical customer statements, including customer names, addresses, account numbers and transaction details dating from 2000 to early 2016."
    -While the names and addresses could be used for sale as a list for marketing, there is the greater danger that the thieves or 3rd party thieves may be able to identify wealthy client’s addresses and plan home robberies.
    -The programming codes on the tapes, if identified by the thieves, may be used to attack the wealthy customer accounts and / or the bank's own treasury, in the future.

    It's a sharp sword that CBA and others like them have fallen on.
    Triss
    3rd May 2018
    9:18pm
    Thieves don't need to take all that trouble, HS, just see how many folk post on Facebook that they are away from home and for how long.
    MD
    3rd May 2018
    10:44am
    "How are the mighty fallen" - "The bigger they are the harder they fall".

    "CommBank concluded that the tapes were “most likely destroyed” - well they would say that wouldn't they. A more pertinent question using their analogy might well be - how many positions within the banking industry will 'most likely (be) destroyed' ?
    thommo
    3rd May 2018
    10:51am
    What a bunch of paternalistic, patronising morons this CBA is.
    They've got the hide to tell us what is best for us by not telling us about their stuff-ups which they are too embarrassed to tell us about, for fear they will get the sharp end of the stick.
    GeorgeM
    4th May 2018
    3:18pm
    This is all part of the same Culture & Governance issues which are at the root of the problem as for other issues exposed at the RC.

    Note that this stuff-up would be at the Retail Banking area where such customer accounts reside. That is the same area where the issue of ATMs allowing large deposits without reporting (alleged to be used for money laundering) occurred. Guess who was Head of that Retail Banking area - the newly promoted CEO Matt Comyn! A promotion for overseeing the main disasters!!!!!

    Also, yet another Govt agency, OAIC, now confirmed proven to have turned a blind eye (actually after being informed) to such pathetic management failures. ASIC, APRA and OAIC people involved with monitoring these Banks need to be sacked!
    greenie
    3rd May 2018
    10:57am
    what a waste of time! Old data. Who would find these tapes and know what to do with them? Who would have the large, expensive complicated equipment to read them?
    Storm in a teacup.
    MD
    3rd May 2018
    11:08am
    Storm indeed. Who indeed. That the tapes are inexplicably missing might suggest that in this highly technically sophisticated age there may well in fact exist a party or parties familiar with and suitably equipped to do whatever they please.

    Time for a cuppa.
    Rosret
    3rd May 2018
    11:24am
    Are you serious greenie?
    These are backup files father, grandfather tape backups that were scheduled for destruction because of their sensitive nature.
    WT....
    Old Geezer
    3rd May 2018
    2:57pm
    I agree greenie. The crims already have much more on people than was in those tapes anyway.

    I had a possible breach of one of my bank accounts so I rang the bank and they checked everything out for me. What worried me was that if one gives them their customer id which is on the back of any credit or debits cards you have they are able to send you a message on your mobile. I had used a mobile number that is only used for very sensitive transactions and they were able to send a message to that number. Therefore they must of had my bank details to get that number.

    While on the subject of scams. Be aware your number plates are being copied and used on cars similar to yours. So if you get a fine or toll charge that makes no sense immediately contact the police for a police report. This police report can then be used to dispute the fine or charge. According to the NRMA there is nothing one can do to protect themselves as the crims just look for a car the same as theirs and copy your number plate.
    Anonymous
    5th May 2018
    2:14pm
    Your comment about number plates interests me, OG. About 8 years ago we got a notice to pay a toll and they claimed to have a photo of our car going west out of Melbourne, over 600km from where we could prove, with purchase receipts, we were at the time. There was also a major inconsistency with the photo, which we uncovered by asking questions about the vehicle (they refused to show us the photo but said it would be produced in court). Eventually, the company dropped their demand. We blamed the company, but it may have been crims who made a number plate like ours.
    Glen48
    3rd May 2018
    11:02am
    Once you put your money in the bank it is no longer yours...the banks can use it to prop themselves up...and you only have $250 insurance per person,, if lucky
    Rosret
    3rd May 2018
    11:21am
    OMG. If this doesn't cause a run on the bank.....
    They should have issued everyone with new account numbers and cards immediately because I know if I lost my credit card that's exactly what I would do and this is so much worse.
    Old Geezer
    3rd May 2018
    4:39pm
    Rubbish the crims already have more information that that about you.
    marls
    3rd May 2018
    12:10pm
    Of course all our savings are at risk the gvt I snuck in the bail in laws 14/2/18 they can legally take our saving if there's a financial crises it was all hush hush
    Rosret
    3rd May 2018
    12:50pm
    ?
    ray from Bondi
    3rd May 2018
    1:11pm
    I did not know that is there something I can look for on the net too back it up, it looks like another interesting thing to post around the place once it is verified.
    ray from Bondi
    3rd May 2018
    1:13pm
    trust banks, I have not for many years once deregulation set in, at one time the business model was looking after the customer, now it is how to extract the most from the customer buy gouging everything.
    Andy
    3rd May 2018
    1:35pm
    Berthold Brecht to Ned Kelly: "Why rob a bank when you can start one?"
    Old Geezer
    3rd May 2018
    2:48pm
    Nothing is lost just a couple of tapes with your details which the crims all ready have so why worry.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles