Commonwealth Bank lost data of nearly 20 million accounts

Picture: Supplied.
Picture: Supplied.

COMMONWEALTH Bank of Australia is trying to reassure nervous customers after revealing it can’t find more than 15 years worth of backup data on almost 20 million accounts.

The two magnetic data tapes held customer names, addresses, transaction details and numbers for 19.3 million accounts from 2000 to early 2016.

But CBA is adamant the tapes did not contain passwords, PINs or other data that could be used for fraudulent purposes.

“Ongoing monitoring of accounts by CBA confirms customers do not need to take any action,” the nation’s biggest bank said in a statement on Thursday.

A KPMG investigation of the data loss was ordered by CBA in 2016, but customers were never told.

“The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion,” acting group head of retail banking services Angus Sullivan said.

“We concluded, given the results of the investigation, that we would not alert customers.”

But shadow treasurer Chris Bowen said people should have been told.

“The government and the information commissioner need to make full statements today on their knowledge and actions in 2016,” he said.

“Had the government not stalled in introducing Labor’s data breach notification laws that are now in place, the bank would have been required by law to notify affected customers.”

Meanwhile, the saga has sparked renewed interest from the Office of the Australian Information Commissioner which this week contacted CBA asking for more information.

This follows CBA’s admission it couldn’t confirm whether the tapes, which were retained so bank statement could be printed, were destroyed or not.

But it’s also told customers it offers a 100 per cent security guarantee against fraud on accounts and covers losses from unauthorised transactions.

The latest revelations cap a troublesome couple of weeks for CBA.