10K ComBank Memos Go Astray
The Commonwealth Bank has admitted sending more than 650 incorrectly addressed internal e-mails to overseas addresses.
The e-mails contained data relating to approximately 10,000 customers and were received by the then US-based user of the cba.com domain, which has nothing to do with the Commonwealth Bank.
According to the bank, the cba.com domain name was first used by US-based financial services firm Cheslock Bakker & Associates until the 2016-17 period, after which it was used by a US cybersecurity company.
The bank claims its investigation found that the e-mails and their associated data had not been used and have since been permanently deleted from the domain owner’s servers.
“No customer data has been compromised as a result of this issue,” the bank said at the weekend. “We acknowledge however that customers want to be informed about data security and privacy issues and we have begun contacting affected customers.”
CBA has since acquired ownership of the cba.com domain name
The CBA catastrophe follows a similar incident by the rival National Australia Bank, which has admitted sending sent the details of some 60,000 customers to an e-mail address at nab.com rather than nab.com.au.