sb-au logo
Story image

CommBank says no evidence customer data was compromised in 2016 breach

03 May 2018

The Commonwealth Bank of Australia says there’s no evidence that customer information was compromised in a data breach incident last year and customers don’t need to take any action.

The breach occurred in May 2016 when the bank couldn’t confirm that two magnetic tapes were destroyed, despite being scheduled for destruction.

The tapes were used by a supplier to print bank statements and contained personal information including customer names, addresses, account numbers, and transaction details.

The bank stresses that the tapes did not contain password or PINs, which could be used for fraud. The bank’s own platforms, systems, services, apps, and websites were not compromised.

“We deployed enhanced reporting and ongoing monitoring of customer accounts to ensure customers were protected. These protections are still in place today,” Commonwealth Bank’s acting group executive of Retail Banking Services, Angus Sullivan, says in an email to customers.

 “CommBank offers you a 100% security guarantee against fraud for all your accounts, where you are not at fault. We cover any loss should someone make an unauthorised transaction,” Sullivan says.

The incident paints a clear picture that data breaches don’t necessarily need to be conducted through the internet.

According to ShareRoot, a user-generated content legal rights management software firm, the breach highlights the change in how consumer data will be handled moving forward.

ShareRoot's CEO Noah Abelson-Gertler says the breach also shows that companies collect ‘far more data’ than people realise.

"Consumer consciousness is reaching an abrupt shift. Data sharing, privacy, and breaches, are terms that are getting headlines in newspapers and continue to maintain leading spots on search platforms and social media sites. Bad actors are in the business of hacking into databases and causing breaches because they see the value of the data. The more the breaches, the more the public consciousness increases,” Abelson-Gertler explains.

"There will be more breaches, companies will continue to scramble to improve their data practices, and consumers will keep calling for an overhaul to how companies collect their data and who has control over it."

The Commonwealth Bank offers these tips:

  • Continue using your accounts as you always have.
  • Please remember that CommBank staff will never ask you to divulge your passwords or PINs. We do not send emails with links requesting you to confirm, update or disclose your confidential banking information.
  • If you have questions or would like to discuss, please call us at 1800 316 433.
  • If you would like to find more information you can visit www.commbank.com.au/customerassurance

“I want to apologise for any concern this incident may have caused. If there is any change in circumstances I will let you know,” Sullivan concludes.

Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More