The CBA has admitted it lost backup data on tape for more than 15 years of customer statements in 2016, affecting almost 20 million accounts.
The Office of the Australian Information Commissioner (OAIC) is now seeking more assurances from the bank that it has learnt from the massive data breach.
CBA says it had been unable to confirm the destruction of two magnetic tapes containing historical customer statements.
The tapes contained customer names, addresses, account numbers and transaction details from 2000 to early 2016. The breach has sent a wave of fury through CBA customers who want answers.
In an attempt to soften the blow, the bank has sent notifications to customers on the status of their accounts.
Those not affected received word that “there is no evidence of your information being compromised and you do not need to take any action”.
The note comes amid growing concern about what data may or may not be safe.
An investigation in 2016, when the incident occurred, determined it was most likely the tapes had been disposed of and the bank immediately put mechanisms in place to further protect customers.
The OAIC released a statement this morning confirming it was notified of “an incident” by the CBA in 2016 but in light of the damning report into the bank’s culture released on Tuesday it was now seeking more assurances from the bank it would not happen again.
“Having regard to the findings in the report by the Australian Prudential Regulation Authority into the CBA released on Tuesday, the OAIC has made further inquiries in relation to this matter and has sought information from the CBA to satisfy the OAIC that the CBA has taken on board lessons learned from this incident, to ensure the privacy of customer’s personal information is adequately protected,” the statement said.
RELATED: Regulator’s scathing report of CBA
REVEALED: CBA ‘charged dead customers’
The OAIC advised any Australians with concerns about the data breach to contact CBA first then to contact the OAIC if it was not satisfied with the response.
Finance Minister Mathias Cormann revealed this morning Attorney-General Christian Porter was seeking urgent briefings on the incident.
The Attorney-General was advised about the incident last night.
Senator Cormann said bank customers would have been notified now under new laws which penalise companies if they fail to notify any affected Australians of a serious data breach.
“Since February, there is a mandatory reporting requirement. This couldn’t happen now,” he told Sky News.
Shadow Treasurer Chris Bowen has savaged the bank’s response to their latest scandal, saying reports of the loss were “extremely concerning”.
The CBA’s acting group executive for retail banking services, Angus Sullivan, issued a statement on YouTube after BuzzFeed Australia published an article about the incident on Wednesday.
“The tapes did not contain PINs, passwords or other data that could enable account fraud,” he said.
In a statement the bank said it had confirmed there was no evidence of information being compromised for the 19.8 million accounts involved or suspicious activity following the incident.
RELATED: How royal commisson will hurt banks
Commonwealth Bank is resisting calls for more resignations despite a report revealing its failures in governance, accountability and culture.
The Australian reports CBA is expected to cut executive pay again this year – in the wake of the investigation into allegations that it broke anti-money laundering and counter-terrorism financing laws.
It comes after the Australian Prudential Regulation Authority slapped Australia’s biggest bank with a $1 billion capital penalty and a court-enforceable agreement to implement changes.
“We take the protection of customer data very seriously and incidents like this are not acceptable,” Mr Sullivan said.
“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.”
The Australian Prudential Regulation Authority said on Tuesday that community trust in Australia’s banks had been “badly eroded” and CBA had failed to meet expectations and “fallen from grace”.
“It’s only natural that CBA customers would be worried about the breach — our financial information is one of the most important things to protect,” Mr Bowen said.
“What did the Turnbull government and Information Commissioner know about the breach?
“Why has it taken years for people to find out?
“The Government and the Information Commissioner need to make full statements today on their knowledge and actions in 2016.”
Mr Bowen blamed the government for stalling data breach notification laws, which were now in place, for the fact the bank was not forced to notify affected customers.
Under the new laws, which came into force in February, all Australians affected by a major data breach must be notified by the responsible organisation within 30 days.
The company must also notify the Information Commissioner or face harsh penalties.
“CBA needs to provide information to customers today about what has occurred and what actions were taken to after the breach was discovered,” Mr Bowen said.
The data breach notification scheme has exposed the massive rate of breaches in its first few weeks of implementation.
More than 60 major breaches were reported in the first few weeks of the scheme alone
NAB HIT BY BIG PROFIT FALL
NAB announced today its first-half profit has fallen 16.2 per cent to $2.76 billion after expenses soared on restructuring costs.
Cash profit for the six months to March 31 was hit by a 25.3 per cent jump in expenses largely related to the overhaul announced last year, but slipped just 0.2 per cent once those restructuring costs were stripped out.
Net operating income rose 2.5 per cent to $9.09 billion and the bank held its interim dividend at 99 cents, fully franked.
The bank has revealed its plans to leave the wealth management sector, saying it will offload MLC, including its funds management, financial advice and superannuation business.
“We need to simplify the bank. Complexity in the bank is just killing us,” NAB Group CEO Andrew Thorburn said.