Commonwealth Bank Loses 12 Million Customers’ Data In The Most Embarrassing Way Possible

Just when you thought all data breaches amounted to hacker shenanigans, the largest bank in Australia has belatedly confirmed a different sort of breach story. BuzzFeed reports that the Commonwealth Bank lost 12 million customers’ data after magnetic tape backups containing their personal financial history from 2004 to 2014 went missing. It just lost them. They may have literally fallen off a truck. And the bank didn’t even bother telling its customers about the incident.



Empty LTO-6 slots. Photo: Patrick Finnegan (Flickr)

While said losing-of-data was only publicly revealed this week, it took place back in 2016, when the Commonwealth Bank hired a subcontractor to destroy the backup tapes while decommissioning a data centre.

After it didn’t get a receipt of the tapes’ destruction, the bank investigated and discovered that the tapes were nowhere to be found. Had they been destroyed? Nobody knew for sure.

In response, the Commonwealth Bank formed a task force (codename “Project Chesapeake”) and hired accounting firm KPMG, which was also unable to locate the missing tapes. According to BuzzFeed, KPMG even explored the possibility that “the drives weren’t secured properly and fell from a truck in transit that was carrying the data for destruction”. The bank told Buzzfeed that the accounting firm ultimately concluded the tapes were “most likely” destroyed.

The news arrives at a real bummer of a time for privacy. In the wake of the Cambridge Analytica scandal, nobody feels very secure about their data. But surely, people might think, our financial institutions can be trusted with our information. This is not true.

Just last month, SunTrust Bank admitted that an employee may have stolen the personal data of 1.5 million customers and possibly sold it to criminals. And who could forget how credit reporting agency Equifax fell victim to cybercriminals, potentially exposing the data of over 145 million Americans – just one of many data breaches last year.

The detail about magnetic tapes falling off the back of a truck is funny, but the use of the technology in data storage is actually not uncommon. As recently as just few years ago, many large banks, the IRS, and even Google and Amazon were still using magnetic tapes to back up large amounts of data.

Increasingly, businesses are turning to cloud storage for their backup needs, though some security hawks might point out that in-house magnetic tapes are still uniquely secure since they aren’t connected to the internet. Of course, they are not so secure if you put them in the back of a subcontractor’s truck.

The good news for Commonwealth Bank customers is that KPMG, the accounting firm, does not believe that sensitive data ever got into the hands of criminals after the loss of the tapes. The bad news is that human society is a never-ending comedy of errors in which our hopes and dreams play out as farce. At least the weather is nice, sometimes.

[Buzzfeed]