CBA loses 12 million records, doesn’t tell customers

CBA executive Angus Sullivan says there is no evidence the lost records have been compromised or accessed by any third party.

UPDATE / 4.30pm: ASB Bank says none of its customers was affected by parent CBA's data breach.

"It’s solely a CBA issue. No ASB customers or data involved," a spokeswoman says.

On NBR's second question submitted this morning, "What is ASB's policy around disclosing data breaches to customers?", the spokeswoman says: "The security of customer information is a priority for ASB and we constantly review our processes and systems to ensure our customers' personal data is well-protected. If customer information is compromised by a breach we would act in accordance with the NZ Privacy Commissioner guidelines and the Privacy Act (1993)."

That would appear to translate as "No." The Privacy Act (1993) does not require disclosure of a breach.

An overhaul of the act, making its way through Parliament, will make disclosure mandatory.

EARLIER 8.30am: The Commonwealth Bank of Australia has admitted it lost track of 12 million customer records – and that it did not inform the customers involved.

The bank only admitted the 2016 incident late yesterday, after it was revealed by Australian media overnight.

NBR has asked ASB Bank (owned by CBA) if any New Zealand customer records were involved, and for the bank’s policy on data breaches.

An update of the Privacy Act now going through Parliament will make data breach disclosure mandatory. Presently, it is voluntary.

CBA says a forensic investigation by KPMG found two magnetic tapes, holding 19.8 million account records relating to 12 million customers, were not properly disposed of.

CBA Retail Banking Service acting group executive Angus Sullivan says the tapes stored personal data such as names and addresses but not pins, passwords “or other data that could enable account fraud.”

He adds there is no evidence that data had been compromised or accessed by third parties because of the incident, and that it was likely the tapes had in fact been destroyed even if the usual procedures were not followed.

Although customers were not informed, CBA says it did inform a regulator (the Australian Prudential Regulation Authority) and the Australian Privacy Commissioner.

While the pending NZ Privacy Act overhaul includes a mandatory data breach provision, Privacy Commissioner John Edwards has proposed a two-tier system whereby his office would be informed, then make a judgment call on whether an organisation’s customers or the public at large had to be told.

As it stands, the bill has provision for the Privacy Commissioner to impose a fine of up to $10,000 for an organisation that does not disclose a data breach.

Mr Edwards is lobbying for fines of up to $1m.

The commissioner says breaches are on the rise, and notes companies including Facebook, Uber and Yahoo have all concealed data breaches involving New Zealand customers in recent times.


19 Comments & Questions

Our own Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry just got one step closer.

Loving Australian investigative journalism
Looks like NZ unions are going to look after the people as the suits don't want to

Hopefully Crackity and also that the LID on the CAN of WORMS is slowly being PRISED OPEN. Keep up the good work NBR

Please spare us the sensationalist comments!

The good old boys - making money since forever

Tui BillBoard

Money in the bank can result in a haircut and low returns and now the bank can lose your bank balance.
Imagine if you saved hard for years and had a million in the bank suddenly they lost your balance or gave you a hair cut. Everyone relies on Internet for bank transactions these days.
Good old Kiwi tradition of keeping the money in housing makes more sense to me.

there has never been a better time than now to completely overhaul the banking system in NZ.
Never mind taking any notice of Adrian Orr....his comments are from a newbie in a new job....but also the inquiry may well turn up some decisions he was associated with when he was previously at the bank that could dim the light that shines on him.
Indeed there is every chance that could be the case

Running together strong as a monopoly
Mind boggling what's coming out - the NZ branch banks are worse

If Banking relies on trust then that trust has evaporated in Australia and is fast evaporating in NZ. What we are witnessing is the toxic culture of the Boards of the banks. Culture is everything in any organisation. It goes to the heart of the organisation. A Board of individuals that lack the right moral and ethical compass will result in an organisation that indulges in inappropriate behaviour. Those further down the organisation will be incentivised by monetary inducements and the behaviour they witness to ignore ethical and moral signals.
As we have seen in Australia so we would see in NZ if a Commission of Inquiry was instigated.
Will the Government have the courage to proceed or will it run away and hide from the truth.

Trust us, we are fractional reserve experts, meaning we are licensed by your government to hold in reserve only a tiny fraction of your current account balances (deposits) to us at any time to actually be able to be repaid by us on demand. And of course, trust your government to trust us. That trust in us is reflected by your governments' limited deposit insurance scheme which only covers a portion of your account holdings held by us. So sleep easy, trust us. LOL!

Anyone with a bit of data knowledge and understanding of corporate process cf data/hardware disposals know that this is nothing more than a storm in a teacup and no info has been compromised. I never understood why people always feel the need to criticize corporates. I’ve worked in many and 99% of the time employees are happy, customers experience is held in high regards as well as confidentiality. And yet people will take the first opportunity they have to complain about privacy when they’re sharing half their life on internet.

They don't know if been compromised or breached as very carefully not investigated. Only telling as been caught - I'm sorry (for being caught)
Market themselves on trust & guardians but what is coming out is tip of iceberg - Titanic was unsinkable as Banks believe they are - watch new business models & innovation emerge

Let's have an actual IT professional's take on the matter shall we rather than amateur hour with the usual frothing suspect.

http://www.theregister.co.uk/2018/05/03/commonwealth_bank_data_loss/

completely agree.. there is a lot of people talking out of a hole in their head. CBA went to the regulator and disclosed, regulator said no further action required. This is a non-story.

Look at all that's coming out
Banks are owning up days before things come out - just like Greens co leader
This is just a small cog in what appears a monster horror show

If you believe the banks and even the RBNZ then you are stupid.
Anything or anybody that controls money (other people's) are and always will be the last to want any prying eyes taking a look at the so called protection and management system.
Money is not the evil but becomes so when handed to someone else.
It creates a competition that never existed prior and then comes the show off to tell the world how good they are at management......next step fraud to prop it up or liquidation because it has gone down the gurgler.

No secret fees, factoring, lost privacy or below inflation interest
& yes.................you get it all back
A market darling since the last depression

Losing 12m records - not good but clients did not lose money.

Fast track to NZ and we have Depositors losing billions of dollars via Finance Companies while the Securities Commission, RBNZ and the Clark government looked completely the other way.

Now we have the FMA and the RBNZ in total confusion about how a situation like CBL must be handled!
