In a time when banks are already considered untrustworthy, one of Australia’s leading banks has admitted it lost almost 20 million accounts when back up data storage tapes went missing in 2016.
The Commonwealth Bank issued a statement admitting the loss of 15 years of financial data for millions of customers, claiming that there is no evidence of this information being compromised or any resulting suspicious activity.
“The tapes did not contain PINs, passwords or other data that could enable account fraud,” said CBA’s acting group executive for retail banking services, Angus Sullivan.
However, they did contain historical customer statements, including customer names, addresses, account numbers and transaction details dating from 2000 to early 2016.
The magnetic tapes in question were scheduled to be destroyed but went missing when left unattended by the person responsible for the disposal. After evidence of disposal could not be produced, bank personnel searched for them with no luck.
Rather than go public, CommBank concluded that the tapes were “most likely destroyed” and, although regulators were informed, the bank decided it wasn’t necessary to inform customers about the breach.
After an article was published on BuzzFeed on Wednesday, the bank changed its tack and, with a YouTube video, immediately sought to assure customers their data was not compromised.
“We take the protection of customer data very seriously and incidents like this are not acceptable,” said Mr Sullivan.
“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.
“CBA also commissioned an independent forensic investigation by KPMG to help us identify steps we could take to avoid similar incidents in the future.
“We also heightened the ongoing monitoring of accounts, to ensure we can promptly detect any suspicious activity related to this data.
“Importantly, the investigation found no evidence that customers’ data had been compromised or accessed by third parties.”
According to the BuzzFeed report, the bank notified both the Australian Prudential Regulations Authority and the Office of the Australian Information Commissioner (OAIC) in 2016 of the data loss. “The OAIC replied several days later informing the bank that no further action would be taken,” the report said.
The OAIC has now decided to make further inquiries about the matter.
CommBank is already embroiled in scandals related to alleged rigging of interest rates, money laundering and unscrupulous behaviour.
Customers seeking information about the data breach should call 1800 316 433.
What do you think of the bank’s decision not to inform its customers of this breach? Do you trust your bank? Do you believe that your data is safe?