Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Australia’s Biggest Bank Loses 20 Million Customer Records

Australia’s troubled Commonwealth Bank admitted Thursday it had lost financial records for almost 20 million customers in a major security blunder — but insisted there was no need to worry.

Australia’s troubled Commonwealth Bank admitted Thursday it had lost financial records for almost 20 million customers in a major security blunder — but insisted there was no need to worry.

The nation’s biggest company said it could not find two magnetic data tapes that stored names, addresses, account numbers and transaction details from 2000 to 2016.

National broadcaster ABC said the records were supposed to have been destroyed by a sub-contractor after the decommissioning of a data centre, but the bank never received documentation to confirm this happened.

The lender assured customers there was no need to worry as the tapes did not contain passwords, PINs or other data that could be used for fraudulent purposes.

It said in a statement after the incident was exposed by Australian media that an independent forensic investigation in 2016 “determined the most likely scenario was the tapes had been disposed of”.

It said the issue was not cyber-related and there was no compromise of its technology platforms, systems, services, apps or websites and no evidence of customer harm.

But ongoing monitoring of the 19.8 million customer accounts involved is continuing, just in case.

“We take the protection of customer data very seriously and incidents like this are not acceptable,” said Angus Sullivan, acting group executive for the lender’s retail banking services.

Advertisement. Scroll to continue reading.

“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.”

He added customers had a 100 percent security guarantee against fraud where it was not their fault.

“The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion,” Sullivan added.

“We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred.

“We concluded, given the results of the investigation, that we would not alert customers.”

But Prime Minister Malcolm Turnbull called it “an extraordinary blunder” and said people should have been told.

“It’s hard to imagine how so much data could be lost in this way,” he said.

“Maintaining data security is of vital importance for everybody, whether it’s the private sector or governments and if there is a serious data breach or loss, the people affected should be advised so they can take steps to protect themselves,” he said.

The latest revelations cap a troublesome few months for Commonwealth Bank.

On Tuesday, a report by the country’s financial services regulator slammed it for a complacent culture and ineffective board after a series of scandals.

The banking giant has been embroiled in claims it broke anti-money laundering and counter-terrorism financing laws and is also facing court over alleged rigging of the benchmark interest rate, which is used to set the price of domestic financial products.

Alongside Australia’s three other major lenders — National Australia Bank, Westpac and ANZ — it is also under scrutiny in a royal commission looking into misconduct in the finance industry.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.