20M CommBank Customers Affected By Potential Privacy Breach
Commonwealth Bank has apologised for a privacy breach that affected millions of customers, reassuring them that their personal information had not been compromised.
The transaction details from millions of accounts was stored on two magnetic tapes, which are believed to have been lost by the company’s sub-contractor Fuji-Xerox last year.
The lost statements allegedly contained personal information including customer’s names, addresses, account numbers, and transaction details from 2000 to 2016.
Around 20 million customers are believed to have been affected by the huge blunder, however, CommBank are insisting that the personal information of their customers has not been compromised and there’s no way any money can be access from people’s accounts.
The bank believes that the tapes which are unaccounted for were most likely destroyed after they opened an independent “forensic” investigation into the incident to figure out exactly what happened.
The acting group executive for retail banking services at Commonwealth Bank, Angus Sullivan, said that the issue was “unacceptable” however, he reassured customers that no passwords or PINs have been compromised.
“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause,” he said in a statement.
“The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after it’s completion.”
Buzzed News broke the story yesterday about the potential security breach, forcing Commonwealth Bank to go public with the issue. Since then, CommBank have confirmed that they have been monitoring all 19.8 million accounts involved, but so far no suspicious account activity has been found.
Mr Sullivan has defended CommBank’s decision to not go public with the issue earlier, saying that they contacted the Office of the Australian Information Commissioner, who told them that it didn’t need to be further investigated.
The matter didn’t surface again until earlier this week when the OAIC contacted the bank, asking for more information about the potential security breach.
It’s understood that cause for concern was brought about when the two magnetic tapes were scheduled to be destroyed by Fuji-Xerox at a data storage centre, but the company never produced the “deconstruction certificate” for the data drives.