The Commonwealth Bank of Australia says there’s no evidence that customer information was compromised in a data breach incident last year and customers don’t need to take any action.
The breach occurred in May 2016 when the bank couldn’t confirm that two magnetic tapes were destroyed, despite being scheduled for destruction.
The tapes were used by a supplier to print bank statements and contained personal information including customer names, addresses, account numbers, and transaction details.
The bank stresses that the tapes did not contain password or PINs, which could be used for fraud. The bank’s own platforms, systems, services, apps, and websites were not compromised.
“We deployed enhanced reporting and ongoing monitoring of customer accounts to ensure customers were protected. These protections are still in place today,” Commonwealth Bank’s acting group executive of Retail Banking Services, Angus Sullivan, says in an email to customers.
“CommBank offers you a 100% security guarantee against fraud for all your accounts, where you are not at fault. We cover any loss should someone make an unauthorised transaction,” Sullivan says.
The incident paints a clear picture that data breaches don’t necessarily need to be conducted through the internet.
According to ShareRoot, a user-generated content legal rights management software firm, the breach highlights the change in how consumer data will be handled moving forward.
ShareRoot's CEO Noah Abelson-Gertler says the breach also shows that companies collect ‘far more data’ than people realise.
"Consumer consciousness is reaching an abrupt shift. Data sharing, privacy, and breaches, are terms that are getting headlines in newspapers and continue to maintain leading spots on search platforms and social media sites. Bad actors are in the business of hacking into databases and causing breaches because they see the value of the data. The more the breaches, the more the public consciousness increases,” Abelson-Gertler explains.
"There will be more breaches, companies will continue to scramble to improve their data practices, and consumers will keep calling for an overhaul to how companies collect their data and who has control over it."
The Commonwealth Bank offers these tips:
“I want to apologise for any concern this incident may have caused. If there is any change in circumstances I will let you know,” Sullivan concludes.