As part of the undertaking, CBA now has 90 days to develop and submit to the OAIC a work plan and timetable of work to address its privacy obligations, including a review of its policies, procedures and data retention standards, while also providing staff training to ensure compliance.
“CBA must also assess its IT services and systems to make sure it takes appropriate steps to control access to customers’ personal information,” the OAIC said.
Australian Information Security Incident Reported: February 12 2019
The nation’s biggest banks are scrambling to contact up to 100,000 customers who may have been caught up in a major data breach at property valuation firm LandMark White.
The breach, which LandMark White first revealed late on Friday, “could” include property valuations and personal contact information of home owners, residents, and property agents, including first and last names, residential addresses and contact numbers.
Australian Information Security Incident Reported: December 03 2018
The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.
Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including to staff who decide whether to approve or decline loan applications.
Australian Information Security Incident Reported: June 02 2018
About 10,000 customers of the Commonwealth Bank of Australia, the country’s biggest bank, may have had their personal information compromised due to emails being sent to the cba.com domain, instead of cba.com.au.
The bank said it had confirmed that none of this data had been used and that it was deleted from the cba.com email servers.
“From January 2017, we have been blocking internal emails addressed to the cba.com domain name.”
Australian Information Security Incident Reported: May 02 2018
The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia.
While the issue was revealed publicly last week, it took place in 2016 when the Commonwealth Bank hired a subcontractor to destroy the backup tapes while they were decommissioning a data center. The bank investigated the incident after it didn’t get acknowledgement about destroying the data tapes.
“The tapes did not contain passwords, PINs or other data which could be used to enable account fraud,” it said.