LinkedIn WhatsApp Facebook Twitter Email Print

Commonwealth Bank of Australia (CBA) has been left red faced following an internal investigation which discovered that staff had sent emails containing the data of 10,000 customers to an overseas company by mistake.

Staff failed to spot that they were sending the emails to a “.com” address instead of an “.au” domain. 651 errant emails were sent in total by unawares staff members. CBA has scrambled to reassure customers that it has not compromised their data.

To address the problem, the bank bought the domain name cba.com in April 2017. It has also blocked all internal emails to the .com address since January of that year.

In a delicious twist of fate, the .com address the 651 emails were sent to was owned by a US-based cybersecurity company.

“We want our customers to know that we are committed to being more transparent about data security and privacy matters,” said CBA’s acting group executive for retail banking services, Angus Sullivan, according to the Sydney Morning Herald.

“Our investigation confirmed that no customer data has been compromised as a result of this issue. We acknowledge, however, that customers want to be informed about data security and privacy issues and we have begun contacting affected customers.”

Comedy of errors

The new follows the bank admitting in May 2018 that it had lost more than 20 million data records whilst trying to have them destroyed.

Fuji Xerox, responsible for the destruction, was tasked with the decommissioning of a data centre by the bank. Backup magnetic tape drives of financial statements were believed by CBA to have been sent to be destroyed. Yet, a certificate of destruction wasn’t found by the bank, which launched an investigation in May 2016.

In 2015, CBA announced record net profits of AU$9.1 billion ($7.18 billion) for 2015, with a 5% increase in cash profits from 2014. The bank’s technology projects were highlighted by its group chief executive officer, Ian Narev, who pointed to its “high levels of investment” in that sector throughout the financial year.

A little over 21% of total sales in CBA’s retail banking operations are made through digital channels, while growth in digital usages from customers in their 50s has seen a 30% rise year-on-year.

The bank reported its eighth consecutive rise in annual profit last year, with a 7.6% rise in net profit to AU$9.93 billion ($7.84 billion). Cash earnings experienced an increase of 4.6%, to AU$9.88 billion ($7.80 billion).

CBA currently runs SAP for Banking at the core, after a system implementation fraught with difficulties was completed in 2013. The go-live was two years behind schedule and had, at times, been costing the bank AU$1 billion (£750 million) per year. The bank posted an IT spend of around AU$752 million ($591 million) for H1 2018.