Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australia's Largest Bank Lost The Personal Financial Histories Of 12 Million Customers, And Did Not Tell Them About It (buzzfeed.com)

Posted by msmash on from the that's-shite,-mate dept.

The Commonwealth Bank, the largest bank in Australia, has lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia, BuzzFeed News reports. From the report: BuzzFeed News can reveal that the nation's largest bank lost the banking statements for customers from 2004 to 2014 after a subcontractor lost several tape drives containing the financial information in 2016. While the bank initially notified the Office of the Australian Information Commissioner (OAIC) of the breach shortly after it became aware of it in 2016, a spokesperson for the OAIC told BuzzFeed News it was now making further inquiries into the privacy breach, following a damning report into the bank's culture released on Tuesday. Angus Sullivan, Commonwealth Bank's acting group executive of retail banking services told BuzzFeed News in a statement: "We take the protection of customer data very seriously and incidents like this are not acceptable. We want to assure our customers that no action is required and we apologise for any concern the incident may cause." "We undertook a thorough forensic investigation, providing further updates to our regulators after its completion. We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred."

4 of 52 comments (clear)

  1. Magic auditor handwaving by Anonymous Coward · · Score: 2, Insightful

    "KPMG's forensic investigation "found the most likely scenario was the tapes were disposed of"."

    They couldn't find evidence of any outcome, so they just assumed the most beneficial one. How convenient for *almost* everyone involved.

  2. Let me get this straight by burtosis · · Score: 5, Insightful
    The entire database of these 12m customers history was stored, unencrypted, on tapes (of all things in 2012), then just lost? I was going to make a snarky comment but rtfa just in case and it didn't disappoint:

    One possibility that was canvassed by KPMG is that the drives weren’t secured properly and fell from a truck in transit that was carrying the data for destruction. Forensic investigators hired to assess the breach retraced the route of the truck to determine whether they could locate the drives along this route, but were unable to find any trace of them.

    Literally they say it may have fallen off the back of a truck, and here I thought that was only ever hyperbole for theft. Well, I'm glad that irresponsible phase is behind them and their rigorous adherence to data security and unparalleled altruism when it comes to customers will carry them forward.

    1. Re:Let me get this straight by orev · · Score: 3, Insightful

      Tapes are still one of the most economically efficient and reliable mediums available, in 2012 and even in 2018. Obviously the one drawback is they can be easily transported and lost...

    2. Re:Let me get this straight by anegg · · Score: 4, Insightful

      12 million financial histories were not LOST. They were potentially disclosed to unknown person(s). As with other cases involving copies of digital data, language originally developed for a world of unique exemplars fails in the domain of easily replicated elements.