Australia’s troubled Commonwealth Bank admitted on Thursday it had lost financial records for almost 20 million customers in a major security blunder — but insisted there was no need to worry.
The nation’s biggest company said it could not find two magnetic data tapes that stored names, addresses, account numbers and transaction details from 2000 to 2016.
National broadcaster ABC said the records were supposed to have been destroyed by a sub-contractor after the decommissioning of a data centre, but the bank never received documentation to confirm this happened.
The lender assured customers there was no need to worry as the tapes did not contain passwords, PINs or other data that could be used for fraudulent purposes.
It said in a statement after the incident was exposed by Australian media that an independent forensic investigation in 2016 “determined the most likely scenario was the tapes had been disposed of”.
It said the issue was not cyber-related and there was no compromise of its technology platforms, systems, services, apps or websites and no evidence of customer harm.
But ongoing monitoring of the 19.8 million customer accounts involved is continuing, just in case.
“We take the protection of customer data very seriously and incidents like this are not acceptable,” said Angus Sullivan, acting group executive for the lender’s retail banking services.
“I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.”
He added customers had a 100 percent security guarantee against fraud where it was not their fault.
“The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion,” Sullivan added.
“We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred.
“We concluded, given the results of the investigation, that we would not alert customers.”
But Prime Minister Malcolm Turnbull called it “an extraordinary blunder” and said people should have been told.
“It’s hard to imagine how so much data could be lost in this way,” he said.
“Maintaining data security is of vital importance for everybody, whether it’s the private sector or governments and if there is a serious data breach or loss, the people affected should be advised so they can take steps to protect themselves,” he said.
The latest revelations cap a troublesome few months for Commonwealth Bank.
On Tuesday, a report by the country’s financial services regulator slammed it for a complacent culture and ineffective board after a series of scandals.
The banking giant has been embroiled in claims it broke anti-money laundering and counter-terrorism financing laws and is also facing court over alleged rigging of the benchmark interest rate, which is used to set the price of domestic financial products.
Alongside Australia’s three other major lenders — National Australia Bank, Westpac and ANZ — it is also under scrutiny in a royal commission looking into misconduct in the finance industry.