AUSTRALIAN BANK LOST DATA FOR 19.8 MILLION ACCOUNTS
Australia’s Commonwealth Bank has confirmed that two magnetic tapes containing transaction information for 19.8 million accounts went missing two years ago after being mishandled by a subcontractor.
The data gaff stayed under wraps for two years until Buzzfeed published a report on Thursday. After that, Commonwealth began sending emails to customers, notifying them of the incident.
The bank says it launched an investigation on May 9, 2016, after it didn’t receive certification that the tapes were destroyed. Executives opted to not inform customers after the investigation suggested that the tapes had likely been destroyed, says Angus Sullivan, Commonwealth’s acting group executive for retail banking services.
Commonwealth Bank says it notified the Office of the Australian Information Commissioner, the country’s data protection regulator, on May 20, 2016. At the time, the OAIC indicated it would take not action.
So far, Commonwealth says there’s no evidence that the information has been misused. It is continuing to monitor the affected accounts for suspicious activity.
The tapes contained customer names, addresses, account numbers and transaction details, but not passwords or PINs “that could be used to enable account fraud,” according to a statement from the bank. The transaction data on the tapes range from 2000 through early 2016.
Commonwealth also hired KPMG to conduct an independent investigation. KPMG determined that “the most likely scenario was the tapes had been disposed,” the bank says.
– govinfosecurity.com –