The Commonwealth Bank has admitted it lost 20 million customer statements after a sub-contractor failed to confirm it had destroyed the data.
CBA has defended the decision not to tell 12 million customers about a the loss of their transaction records in 2016.
The incident, which occurred in 2016 and first reported in Buzzfeed News yesterday, concerns 20 million customer statements from between 2000 and 2016.
According to CBA, the bank was "unable to confirm" the destruction by a supplier (Fuji Xerox) of two magnetic tapes which contained historical customer statements.
CBA said the tapes did not contain passwords, PINs or other data "which could be used to enable account fraud". However, they did include names, addresses, account numbers and transaction records.
"An independent forensic investigation ordered by CBA in 2016 and conducted by KPMG determined the most likely scenario was the tapes had been disposed of," said CBA.
CBA notified the Office of the Australian Information Commissioner and APRA at the time, but failed to tell affected customers.
"The decision not to notify customers was made in light of the investigations findings and the account monitoring in place," said CBA.
The bank's acting group executive for retail banking services, Angus Sullivan, said: "We take the protection of customer data very seriously and incidents like this are not acceptable."
"I want to assure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause," Mr Sullivan said.
The review into the capabilities of APRA was released this week and it found that APRA required a cultural change among a host of other chan...
The Finance Sector Union of Australia has urged government action on consumer credit insurance and bank cultural issues following ASIC’s r...
Consumer complaints relating to investment and advice rose by 69 per cent in the first six months of the Australian Financial Complaints Aut...