Australia's troubled Commonwealth Bank admitted Thursday it had lost financial records for almost 20 million customers in a major security blunder - but insisted there was no need to worry. The nation's biggest company said it could not find two magnetic data tapes that stored names, addresses, account numbers and transaction details from 2000 to 2016.
National broadcaster ABC said the records were supposed to have been destroyed by a sub-contractor after the decommissioning of a data centre, but the bank never received documentation to confirm this happened. The lender assured customers there was no need to worry as the tapes did not contain passwords, PINs or other data that could be used for fraudulent purposes.
It said in a statement after the incident was exposed by Australian media that an independent forensic investigation in 2016 "determined the most likely scenario was the tapes had been disposed of". It said the issue was not cyber-related and there was no compromise of its technology platforms, systems, services, apps or websites and no evidence of customer harm.
But ongoing monitoring of the 19.8 million customer accounts involved is continuing, just in case. "We take the protection of customer data very seriously and incidents like this are not acceptable," said Angus Sullivan, acting group executive for the lender's retail banking services.
"I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause." He added customers had a 100 percent security guarantee against fraud where it was not their fault. "The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion," Sullivan added.
"We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred. "We concluded, given the results of the investigation, that we would not alert customers." But Prime Minister Malcolm Turnbull called it "an extraordinary blunder" and said people should have been told.