8000 Credit Cards' Details Compromised In Australian Bank Breach

mask.of.sanity writes "Australia's largest bank, the Commonwealth Bank, has cancelled 8,000 credit cards after it detected a data breach at a merchant. Mastercard and Visa may issue penalties including fines to the acquiring bank under the payment industry's PCI-DSS compliance rules. News of breaches is uncommon in Australia because the nation does not have data breach disclosure laws."

Anti-CBA spin?

[_merlin]

I don't get why so many stories are spinning this as though it's somehow CBA's fault. CBA detected the data breach, alerted the public, and cancelled affected cards. They failed to name and shame the company that suffered the breach, only indicating that it was a bank outside Australia. CBA deserves some credit for handling the situation as well as they could.

Re:Anti-CBA spin?

[robbak]

That's what I thought too. Even the statement about disclosure laws is out of place,as the laws that would apply are the laws in the country where the issuing bank and/or retailer is based.

CBA probably couldn't reveal the bank or retailer either, as they would probably end up fighting a defamation lawsuit.