Audit: CBA to ‘substantially’ overhaul privacy under OAIC undertaking | iTnews

Australian Information Security Audit Report June 27 2019

CBA has 90 days to submit plans.

Reported in: iTnews

The Office of the Australian Information Commissioner (OAIC) has accepted a court-enforceable undertaking from the Commonwealth Bank of Australia (CBA) in the wake of investigations into issues with the bank’s handling of customer data.

As part of the undertaking, CBA now has 90 days to develop and submit to the OAIC a work plan and timetable of work to address its privacy obligations, including a review of its policies, procedures and data retention standards, while also providing staff training to ensure compliance.

“CBA must also assess its IT services and systems to make sure it takes appropriate steps to control access to customers’ personal information,” the OAIC said.

Incident: Bunnings exposed staff performance database | iTnews

Australian Information Security Incident Reported: February 06 2019

Bunnings has confirmed it notified the Office of the Australian Information Commissioner of a data breach, after an individual staffer set up an employee performance monitoring database on his home computer and exposed it to the internet.

The database also contained login credentials for staff and developers, some in plain text, he added.

Furthermore, contact details of 1194 customers were exposed, including email and physical addresses, and phone numbers.

Source: Bunnings exposed staff performance database

Incident: NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH

Australian Information Security Incident Reported: January 22 2019

A former Sydney police officer is facing up to a year in jail after he took intimate images from an arrested woman’s phone and sent them to fellow officers on Facebook.

The woman was taken back to the station and to police cells.

At the time of her arrest, the woman’s phone was seized and it was examined using police investigative software.

Albee examined the photos at the police station then uploaded two to a Facebook group chat with four other serving police officers, which they used to chat while off-duty.

Source: NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH

Big W customer data leaked due to printer repair mishap | SmartCompany

Australian Information Security Incident Reported: December 20 2018

A Big W worker accidentally leaked the personal information of 32 people earlier this year when repairing a printer for a customer, Office of the Australian Information Commissioner (OAIC) disclosures reveal.

The Woolworths-owned discount department store has admitted to an extraordinary instance of human error where an employee enclosed confidential information within a pile of test print-outs provided to a customer to show their printer was fixed.

The document contained the names, addresses and a form of ID for over two-dozen people.

Source: Big W customer data leaked due to printer repair mishap – SmartCompany

Psychologists’ home details posted online in HBF breach | The West Australian

Australian Information Security Incident Reported: December 19 2018

WA’s biggest health insurer has admitted to a privacy breach that led to the private addresses of psychologists being published on a TripAdvisor-style healthcare website.

HBF said this week that it had notified the Office of the Australian Information Commissioner and written to more than 7000 psychologists after realising it had provided some personal addresses to the online directory Whitecoat.

Source: Psychologists’ home details posted online in HBF breach

CBA customers’ medical data exposed in potential privacy breach | ABC News (Australia)

Australian Information Security Incident Reported: December 03 2018


The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including to staff who decide whether to approve or decline loan applications.

Source: CBA customers’ medical data exposed in potential privacy breach