Buzzfeed News have uncovered an absolute whopper of a whoopsie swept under the rug by Commonwealth Bank.
The publication revealed yesterday that the top four bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach despite being one of the largest ever to occur in Aus.
Since Buzzfeed News uncovered the story, the bank has admitted it lost financial statements for a decent chunk of time between 2004 and 2014.
The loss itself occured in 2016 when a subcontractor (Fuki Xerox) seemingly misplaced the data stored on tape drives.
“Backup magnetic tape drives of financial statements were believed to have been sent to be destroyed. But when a “destruction certificate” for the data wasn’t found on 9 May 2016, the Commonwealth Bank initiated an investigation to find out what happened to the data,” the report reads.
“The bank notified the OAIC – which regulates privacy in Australia – On 20 May 2016 and told the regulator what had occurred.
The bank then undertook significant steps to attempt to retrieve the information. BuzzFeed News understands that after the breach was discovered, the company spent a number of weeks formulating a range of potential responses. It formed a remediation task force from within the bank’s ranks and called the team ‘Project Chesapeake’. Details were known to 150 people in the organisation.”
One theory suggested by a forensic team from accounting firm KPMG was that the tapes might have fallen off the back of a truck taking the data to be destroyed.
But the data was never located either on the road (no, reallly, they looked there) or on the dark web.
While the bank says the lost data did not include customers’ passwords or PINs and there was no evidence the information had been compromised.
But the data was never recovered. To this day, the bank doesn't know what happened to those tape drives. And it decided not to tell customers. So we're telling you now.
— Paul Farrell (@FarrellPF) May 2, 2018
Commonwealth Bank have taken to Twitter to share the following with irate consumers:
“We take your privacy seriously. You may have read a recent media report about an event in May 2016. There’s no evidence of your information being compromised and you don’t need to take any action.”
Angus Sullivan, Commonwealth Bank’s acting group executive of retail banking services also shared the below as part of a statement:
“We take the protection of customer data very seriously and incidents like this are not acceptable. We want to assure our customers that no action is required and we apologise for any concern the incident may cause.”
“We undertook a thorough forensic investigation, providing further updates to our regulators after its completion. We also put in place heightened monitoring of customer accounts to ensure no data compromise had occurred.”
This hasn’t stopped customers from expressing their outrage over the lack of disclosure though:
The dog ate our customer's records. It took him a while.
— Alex Mandl (@AlexHMandl) May 2, 2018
If you "have taken all steps necessary", we'd be hearing it from you in May 2016 and not from the media in 2018. Keeping it from your customers for 2 years is a major breach of trust.
— posting scientist (@SIGKILL) May 3, 2018
Image: Getty
ENOUGH WORDS! RELAX YOUR EYEBALLS WITH THIS VIDEO
Bachelor In Paradise’s Sam and Tara reveal they talked about poop during their commitment ceremony:
