So in 2016 CBA lost control of somwhere near 20 million customer account records. They are just telling us now. They tell us the magnetic tapes the data was stored on “was likely erased/destroyed” by the third party dealing with the tapes, but it isn’t really known, why? well because that’s why they lost them because they don’t know.
Want to read their oh so reassurring blurb about it?
"
Dear CommBank Customer,
Following recent media reports detailing an incident in May 2016, we want to reassure you there is no evidence of your information being compromised and you do not need to take any action.
Here is what you need to know:
• There is no evidence that any customer information was compromised.
• In May 2016 we were unable to confirm the scheduled destruction of two magnetic tapes used by a supplier to print bank statements. These tapes contained information including customer names, addresses, account numbers and transaction details.
• They did not contain passwords or PINs which could enable fraud.
• We deployed enhanced reporting and ongoing monitoring of customer accounts to ensure customers were protected. These protections are still in place today.
• This was not cyber-related. CommBank’s technology platforms, systems, services, apps and websites were not compromised.
• CommBank offers you a 100% security guarantee against fraud for all your accounts, where you are not at fault. We cover any loss should someone make an unauthorised transaction.
Here is what you can do:
• Continue using your accounts as you always have.
• Please remember that CommBank staff will never ask you to divulge your passwords or PINs. We do not send emails with links requesting you to confirm, update or disclose your confidential banking information.
• If you have questions or would like to discuss, please call us at 1800 316 433.
• If you would like to find more information you can visit www.commbank.com.au/customerassurance
I want to apologise for any concern this incident may have caused. If there is any change in circumstances I will let you know.
Yours sincerely,
Angus Sullivan
Acting Group Executive Retail Banking Services
Commonwealth Bank of Australia ABN 48 123 123 124. "
Does it make me feel any safer? Not really, I remember the Fed Govt confidential papers found in a filing cabinet incident, and who is to say this Bank incident won’t have that type of outcome eventuate with this debacle. The Bank decided we weren’t to be told as we might have become concerned about the safety of our data. Guess what I and others are even more concerned now because of that delay in advising.
NOT GOOD ENOUGH CBA and not good enough the regulator who had been advised of this issue. What a joke and how woefully we as the affected consumers are treated.
And if the circumstances change…When will they let us know as Angus promises to do if they do change? Perhaps like this advice now, two or more years down the track?
I haven’t stopped fuming yet so as I wandered again through their advice I was struck by the complacency of their utterances…We will protect you against fraud “CommBank offers you a 100% security guarantee against fraud for all your accounts, where you are not at fault”…But you are a customer who has Identity Theft carried out on you because of this detail being lost, how in the world do you prove it is fraud? The Bank will say “prove it isn’t you as we believe it is you until you prove differently”. How do they know it hasn’t been used successfully, by the very nature of being successful it isn’t detected so they won’t and wouldn’t know.
And just because this incident isn’t cyber fraud (which I would be more understanding of) doesn’t make it any the less very very bad. In fact it really calls into account the Bank’s procedures that are involved in securing client information any time, what are they because they certainly don’t and didn’t work.
Hmmm what did I say about proving it was fraud, oh that’s right the Bank would say it was the account holder until they proved it wasn’t them. Here is a tale that shows exactly that: