Slashdot Mirror


8000 Credit Cards' Details Compromised In Australian Bank Breach

mask.of.sanity writes "Australia's largest bank, the Commonwealth Bank, has cancelled 8,000 credit cards after it detected a data breach at a merchant. Mastercard and Visa may issue penalties including fines to the acquiring bank under the payment industry's PCI-DSS compliance rules. News of breaches is uncommon in Australia because the nation does not have data breach disclosure laws."


  1. Anti-CBA spin? by _merlin · · Score: 5, Insightful

    I don't get why so many stories are spinning this as though it's somehow CBA's fault. CBA detected the data breach, alerted the public, and cancelled affected cards. They failed to name and shame the company that suffered the breach, only indicating that it was a bank outside Australia. CBA deserves some credit for handling the situation as well as they could.

    1. Re:Anti-CBA spin? by robbak · · Score: 5, Insightful

      That's what I thought too. Even the statement about disclosure laws is out of place, as the laws that would apply are the laws in the country where the issuing bank and/or retailer is based.

      CBA probably couldn't reveal the bank or retailer either, as they would probably end up fighting a defamation lawsuit.

      --
      Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
    2. Re:Anti-CBA spin? by dbIII · · Score: 2

      Is speaking the truth not a defense against such lawsuits?

      Not always. Some places instead have a "public interest" clause so that if it is true but it is successfully argued that it is not in the public interest you lose. The state where I live used to have defamation laws like that.

  2. NAB has them too by MavEtJu · · Score: 2

    In the last two years I have been given a replacement credit-card from the NAB bank twice.

    One day everything works fine, the next day they don't work anymore and three days later when you call them they say that they are in the process of re-issuing them.

    Thanks for not letting me know on day one, and thanks for not being able to buy anything for two weeks.

    --
    bash$ :(){ :|:&};:
    1. Re:NAB has them too by BarryHaworth · · Score: 4, Interesting

      This must be why I couldn't use an ATM last Thursday.

      I'm with the CBA, and twice in the last few years I've had my card cancelled and reissued. The first time it was because of a data breach like this one - a card skimmer had been used on one of the ATMs in my area and all people who had used ATMs in the vicinity had cards cancelled & reissued. The more recent time it was just me - someone had skimmed my card and used it to make a purchase in London.

      Both times the bank was very efficient, and while there was the inconvenience of waiting for a new card and, in the second instance, waiting for the stolen money to be recovered there was otherwise no problem.

      --
      I am a Statistician. One false move and you are a Statistic
    2. Re:NAB has them too by MavEtJu · · Score: 2

      Australia has the concept of Debit "Credit-Cards", which immediately deduct the money from the account.

      I assume the person you replied to has one of them.

      --
      bash$ :(){ :|:&};:
  3. It was more than just CommBank by unreadepitaph · · Score: 2

    All of the big 4 had to cancel and re-issue a heap of cards, not just the Commonwealth Bank.

    --
    My internetting is no good.
  4. the only reason this is news by Anonymous Coward · · Score: 2, Insightful

    the awful behaviour of banks in the US that go to extreme lengths to blame the credit card holder
    here we have a bank outside the US that should be a decent example of what banks should do
    - tell your customers that their cards no longer work and why
    - priority issue them new cards as they may be reliant on the credit cards
    - don't name who screwed the pooch. customers can contact the bank if they want more info
    - the bank absorbs the cost of the fraudulent transactions (kept low by picking up on the activity early)

    the actual story here is a bank (not cba) was requesting transactions into a merchant account
    the commonwealth bank analysis software detected something very suspicious with the transactions
    it subsequently cancelled all associated credit cards being used preventing further fraudulent transfers
    it immediately generated new cards to issue those who were affected
    it's unknown if other banks have detected similar transactions on their customers' cards

    frankly this could be a side effect of the psn breach for all we know
    it might just be that other banks haven't detected / admitted the customers' cards have been compromised

  5. Re:Worst part by jamesh · · Score: 2

    I know I would if it gets me into any trouble either with the law or a restaurant or store because I found out my card was not valid a little too late.

    It's an offence in Australia to purchase goods (eg eat food in a restaurant or fill your car up with petrol) when you have or should have knowledge that you can't pay for it... I assume other countries have similar laws.

    Not being aware that your card was just cancelled does not meet the above criteria though so I think you'd be safe from the law. The restaurant might be a little pissed, but I'm sure it wouldn't be the first time and they'd have a way of dealing with it (can you wash dishes? :)