Story image

CommBank says no evidence customer data was compromised in 2016 breach

03 May 2018

The Commonwealth Bank of Australia says there’s no evidence that customer information was compromised in a data breach incident last year and customers don’t need to take any action.

The breach occurred in May 2016 when the bank couldn’t confirm that two magnetic tapes were destroyed, despite being scheduled for destruction.

The tapes were used by a supplier to print bank statements and contained personal information including customer names, addresses, account numbers, and transaction details.

The bank stresses that the tapes did not contain password or PINs, which could be used for fraud. The bank’s own platforms, systems, services, apps, and websites were not compromised.

“We deployed enhanced reporting and ongoing monitoring of customer accounts to ensure customers were protected. These protections are still in place today,” Commonwealth Bank’s acting group executive of Retail Banking Services, Angus Sullivan, says in an email to customers.

 “CommBank offers you a 100% security guarantee against fraud for all your accounts, where you are not at fault. We cover any loss should someone make an unauthorised transaction,” Sullivan says.

The incident paints a clear picture that data breaches don’t necessarily need to be conducted through the internet.

According to ShareRoot, a user-generated content legal rights management software firm, the breach highlights the change in how consumer data will be handled moving forward.

ShareRoot's CEO Noah Abelson-Gertler says the breach also shows that companies collect ‘far more data’ than people realise.

"Consumer consciousness is reaching an abrupt shift. Data sharing, privacy, and breaches, are terms that are getting headlines in newspapers and continue to maintain leading spots on search platforms and social media sites. Bad actors are in the business of hacking into databases and causing breaches because they see the value of the data. The more the breaches, the more the public consciousness increases,” Abelson-Gertler explains.

"There will be more breaches, companies will continue to scramble to improve their data practices, and consumers will keep calling for an overhaul to how companies collect their data and who has control over it."

The Commonwealth Bank offers these tips:

  • Continue using your accounts as you always have.
  • Please remember that CommBank staff will never ask you to divulge your passwords or PINs. We do not send emails with links requesting you to confirm, update or disclose your confidential banking information.
  • If you have questions or would like to discuss, please call us at 1800 316 433.
  • If you would like to find more information you can visit www.commbank.com.au/customerassurance

“I want to apologise for any concern this incident may have caused. If there is any change in circumstances I will let you know,” Sullivan concludes.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.