Audit: CBA to ‘substantially’ overhaul privacy under OAIC undertaking | iTnews

Australian Information Security Audit Report June 27 2019

CBA has 90 days to submit plans.

Reported in: iTnews

The Office of the Australian Information Commissioner (OAIC) has accepted a court-enforceable undertaking from the Commonwealth Bank of Australia (CBA) in the wake of investigations into issues with the bank’s handling of customer data.

As part of the undertaking, CBA now has 90 days to develop and submit to the OAIC a work plan and timetable of work to address its privacy obligations, including a review of its policies, procedures and data retention standards, while also providing staff training to ensure compliance.

“CBA must also assess its IT services and systems to make sure it takes appropriate steps to control access to customers’ personal information,” the OAIC said.

Incident: Landmark White home loan details of 100,000 customers hacked in major data breach | Brisbane Times

Australian Information Security Incident Reported: February 12 2019

The nation’s biggest banks are scrambling to contact up to 100,000 customers who may have been caught up in a major data breach at property valuation firm, LandMark White.

The breach, which LandMark White first revealed late on Friday, “could” include property valuations and personal contact information of home owners, residents, and property agents, including first and last names, residential addresses and contact numbers.

Source: Home loan details of 100,000 customers hacked in major data breach

Source: Landmark White’s stolen data re-appears on dark web

CBA customers’ medical data exposed in potential privacy breach | ABC News (Australia)

Australian Information Security Incident Reported: December 03 2018


The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including to staff who decide whether to approve or decline loan applications.

Source: CBA customers’ medical data exposed in potential privacy breach

CommBank sent 650 customer emails to wrong domain | iTWire

Australian Information Security Incident Reported: June 02 2018

About 10,000 customers of the Commonwealth Bank of Australia, the country’s biggest bank, may have had their personal information compromised due to emails being sent to the cba.com domain, instead of cba.com.au.

The bank said it had confirmed that none of this data had been used and that it was deleted from the cba.com email servers.

“From January 2017, we have been blocking internal emails addressed to the cba.com domain name.”

Source: CommBank sent 650 customer emails to wrong domain

Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers | BuzzFeed

Australian Information Security Incident Reported: May 02 2018

The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia.

While the issue was revealed publicly last week, it took place in 2016 when the Commonwealth Bank hired a subcontractor to destroy the backup tapes while they were decommissioning a data center. The bank investigated the incident after it didn’t get acknowledgement about destroying the data tapes.

“The tapes did not contain passwords, PINs or other data which could be used to enable account fraud,” it said.

Source: Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers