8000 Credit Cards' Details Compromised In Australian Bank Breach
mask.of.sanity writes "Australia's largest bank, the Commonwealth Bank, has cancelled 8,000 credit cards after it detected a data breach at a merchant. Mastercard and Visa may issue penalties including fines to the acquiring bank under the payment industry's PCI-DSS compliance rules. News of breaches is uncommon in Australia because the nation does not have data breach disclosure laws."
I don't get why so many stories are spinning this as though it's somehow CBA's fault. CBA detected the data breach, alerted the public, and cancelled affected cards. They failed to name and shame the company that suffered the breach, only indicating that it was a bank outside Australia. CBA deserves some credit for handling the situation as well as they could.
I'm with the CBA, and twice in the last few years I've had my card cancelled and reissued. The first time it was because of a data breach like this one - a card skimmer had been used on one of the ATMs in my area and all people who had used ATMs in the vicinity had cards cancelled & reissued. The more recent time it was just me - someone had skimmed my card and used it to make a purchase in London.
Both times the bank was very efficient, and while there was the inconvenience of waiting for a new card and, in the second instance, waiting for the stolen money to be recovered, there was otherwise no problem.
I am a Statistician. One false move and you are a Statistic