Canberra, May 3: Australia’s Commonwealth Bank has admitted losing the bank records of almost 20 million people, a media report said.
These were the names, addresses, account numbers and statements of its customers that were stored on two magnetic tapes meant to be destroyed by a subcontractor in 2016, the BBC reported.
Despite not receiving evidence the tapes had actually been destroyed, the bank did not tell customers there was a potential data breach. It is the latest scandal involving Australia’s largest lender.
In a filing to the Australian Stock Exchange, the bank said it could not confirm that the tapes containing 15 years of data had been destroyed securely.
But it said “an independent forensic investigation” by accounting firm KPMG had “determined the most likely scenario was the tapes had been disposed off.”
It added “the tapes did not contain passwords, PINs or other data which could be used to enable account fraud”.
And it stressed there had been no evidence that customer information had been compromised, with monitoring mechanisms remaining in place.
Buzzfeed first reported news of the lost tapes, claiming they were supposed to be destroyed by Fuji Xerox after the decommissioning of a data centre.
The Commonwealth Bank’s acting head of retail banking, Angus Sullivan, described the incident as “unacceptable” and has apologised for any “inconvenience and worry” the incident may have caused the customers.
The privacy breach comes at a time when Australian banks are under intense scrutiny from a landmark banking inquiry, the BBC report said.
In April, the inquiry heard that the Commonwealth bank collected fees from customers it knew had died. In one case, an adviser collected fees from a former client for more than a decade.
Australia’s Treasurer Scott Morrison has warned that financial executives could face strong penalties, including jail sentences, from evidence brought up at the inquiry.