CBA account details ‘lost by print provider’

The Commonwealth Bank has admitted it lost backup data for than 15 years of bank statements tied up with almost 20 million accounts in 2016, with its print services sub-contractor Fuji Xerox Document Management Solutions (FXDMS) misplacing two magnetic tapes containing the details.

The statements with the names of customers, addresses and financial details for the period between 2000 to 2016 were stored on the two tapes by the document management business of Fuji Xerox which had the CBA contract. The details were used for mailing printed statements and account information to customers during that period. CBA has said the tapes did not contain passwords, PINs or other data that could enable account fraud.

In 2016 FXDMS was decommissioning the data storage centre where some of CBA’s customer data was stored, the backup tapes for which were meant to be destroyed. However the bank was unable to obtain destruction certificates.

Following the incident, the bank commissioned an independent inquiry by accounting firm KPMG, which determined the tapes had most likely been disposed of or potentially lost during transit. The Office of the Australian Information Commissioner and the Australian Prudential Regulation Authority were notified, but the bank decided to not tell its customers.

[Related: FXDMS printing gay postal vote

Angus Sullivan, Acting Group Executive Retail Banking Services at CBA says, “The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion. We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred.”

The bank has insisted account security for its customers has not been compromised and that there was no evidence of suspicious activity following the incident. CBA says it has ongoing monitoring of the affected accounts.

Sullivan says, “We take the protection of customer data very seriously and incidents like this are not acceptable. I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause.”

CBA says no action is required by customers and its platforms, systems, services, apps and websites have been unaffected.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@sprinter.com.au.  

Sign up to the Sprinter newsletter

Leave a comment:

Your email address will not be published. All fields are required

Advertisement

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.
Advertisement