The Commonwealth Bank of Australia has been hit with the largest ever penalty under the Spam Act, for sending more than 65 million marketing emails that were hard-to-impossible to unsubscribe from.
The emails were sent between November 2021 and November 2022. Th vast majority of these (61m of the total 65m) required customers to login to their online banking accounts in order to subscribe, four million had no unsubscribe option at all, while 5,000 of these were sent to those who had already attempted to unsubscribe.
“The scale and duration of the breaches by the CBA is alarming,” ACMA chair Nerida O’Loughlin said.
“The ACMA gave it early warnings it might have some issues and the steps it took were ineffective. The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers.
“We will be closely monitoring the Commonwealth Bank’s compliance and the commitments it has made to review its practices. If we find future non-compliance, we will not hesitate to take further action.”
Commonwealth Bank joins the likes of Latitude ($1.5m), Binance ($2m) and Sportsbet ($2.5m) in copping multi-million dollar fines for breaching the Spam Act 2003.
