Commonwealth Bank of Australia "loses" records of over 20 million accounts

Source: https://www.cnet.com/news/commonwealth-bank-of-australia-financial-data-breach-20-million-accounts/

The Commonwealth Bank of Australia has lost the records of over 20 million accounts, over 12 million customers, when a subcontractor lost two magnetic data storage tapes containing the records in 2016. Now by lost they don't necessarily mean THEY don't still have all this information, but that others may now be in possession of said information.

Quote

The magnetic tapes were lost by subcontractor Fuji Xerox during the process of decommissioning one of CBA's data centres. When CBA could not confirm the tapes had been destroyed, the bank hired accounting firm KPMG to conduct a forensic investigation. According to CBA, KPMG found the "most likely scenario was the tapes had been disposed of."

However, Buzzfeed News reports that one of the possible scenarios investigated by KPMG was that the tapes fell off the back of a truck when they were being transported to be destroyed.

I didn't think anyone even still used magnetic tape. If they were meant to be destroyed anyway why weren't they scrubbed before moving? It takes 2 seconds. One magnet... all it takes. Even other archival media, other institutions, other data types, more care should be taken to secure or destroy the data before any attempt to move it or access for third parties is allowed.

Quote

CBA said the data included customer names, addresses, account numbers and 16 years of transaction information used to print customer account statements (dating from 2000 to early 2016). CBA said it informed Australia's Privacy Commissioner when it became aware of the breach in May 2016, but "a decision was made not to alert customers."

I'm not sure I like an institution like this not making such a breach known much sooner. I'm not sure if it's a government institution, or a private one under charter, or what. Depending on their operations is that enough data to compromise accounts? Allow for identity theft?

Quote

In relation to this fresh privacy scandal, CBA said on Thursday "no evidence was found of any customer information being compromised, and over the past two years there has been no evidence of customer harm or suspicious account activity."

All data security starts as physical security. How many other institutions may operate similarly? May allow deprecated technology to be handled in a less secure manner than is prudent? We can take some solace in knowing most people wouldn't even know what these tapes were or how they could be accessed. But security by obscurity is no real security. 

 

 

Spoiler

Well, sir, there's nothing on earth
Like a genuine, bona fide
Electrified, six-car monorail **cough** BLOCKCHAIN!
What'd I say?

BLOCKCHAIN
What's it called?
BLOCKCHAIN
That's right! BLOCKCHAIN

BLOCKCHAIN
BLOCKCHAIN
BLOCKCHAIN

I hear those things are awfully loud
It glides as softly as a cloud
Is there a chance the track could bend?
Not on your life, my Hindu friend

What about us brain-dead slobs?
You'll be given cushy jobs
Were you sent here by the Devil?
No, good sir, I'm on the level

The ring came off my pudding can
Take my pen knife, my good man
I swear it's Springfield's only choice
Throw up your hands and raise your voice

BLOCKCHAIN
What's it called?
BLOCKCHAIN
Once again
BLOCKCHAIN

But Main Street's still all cracked and broken
Sorry, Mom, the mob has spoken

BLOCKCHAIN
BLOCKCHAIN
BLOCKCHAIN


wait, there are 24 million people in the land down under, so like 5/6 people lost their account if each person had an account lol


Tape drives are still used for archival storage because the data "lasts forever"

now imagine how skewed the comments in this thread would be if instead of bank in the title there was bitcoin marketplace or crypto something


30 minutes ago, suicidalfranco said:

now imagine how skewed the comments in this thread would be if instead of bank in the title there was bitcoin marketplace or crypto something

this is so true.

things can happen at banks too. I guess because crypto is still relatively new and exciting (also nothing insures it), people are more prone to freak out about it.

Without Data Mining skills, the information is mostly only valuable as part of a "Black File" against those that are highly connected. Still, only 2 copies? What a pathetic IT management.


9 minutes ago, Taf the Ghost said:

Without Data Mining skills, the information is mostly only valuable as part of a "Black File" against those that are highly connected. Still, only 2 copies? What a pathetic IT management.

 

Well they can use the info for identity theft.


Crypto doesn't need to worry about that much there since most crypto to fiat money exchanges only require one form of an ID.

 

Traditional banks require ID, SS or bill info, so with those 2 or 3 pieces of info, identity theft can happen.


I gotta admit, my heart rate was a little elevated. Title had me worried... I always felt NAB was the worst bank in Aus.

Well grass is always greener...

 

 


2 hours ago, Crunchy Dragon said:

I didn't think anyone still used tape drives for storing data....

We used tapes to back up earthquake data in my old job. It's very cheap and it lasts much longer than HDDs or SSDs. Well, theoretically SSD can last even longer than tape but SSD is not the best choice for offline backup.


3 hours ago, MrDrWho13 said:

They're quite common for large-scale offline backup because they're relatively cheap for the size

It was a bit of a shock when I was at school seeing the main server being backed up to tape.

Oh CBA you just can't catch a break can you with all your privacy breaches and CBP/KYC breaches

 

3 hours ago, Eduard the weeb said:

wait, there are 24 million people in the land down under, so like 5/6 people lost their account if each person had an account lol

Well it was 24 million accounts across 12 million customers so each customer had 2 accounts on average


4 hours ago, suicidalfranco said:

now imagine how skewed the comments in this thread would be if instead of bank in the title there was bitcoin marketplace or crypto something

To be fair, there has been no one on these forums pontificating the supreme awesomeness and security of the conventional banking system like they do with bitcoin. It's not really unexpected news when this happens (which isn't even a digital breach), however when various groups swear black and blue that bitcoin is the future due to security and transparency, then when that fails you inevitably draw the ire of those who were told otherwise.

 

 

1 hour ago, Sierra Fox said:

Oh CBA you just can't catch a break can you with all your privacy breaches and CBP/KYC breaches

 

Well it was 24 million accounts across 12 million customers so each customer had 2 accounts on average

I would say most adults have three accounts (mortgage/loan, savings and credit card facility), while junior has only savings.


1 hour ago, mr moose said:

-snip-

Bitcoin != exchanges. any more than investing in a company is the same as the NYSE

 

third party apps on your phone is not an inherent black mark against banks or paypal that you may also have on your phone. Even if they are malicious and try to steal your info. They are two separate entities, one of which is innocent in the debacle.


Aahahah commbank. Poor suckers.
Oh... wait... I also have a bank account with any given bank in this country.
Fuck.

4 minutes ago, HalGameGuru said:

Bitcoin != exchanges. any more than investing in a company is the same as the NYSE

 

third party apps on your phone is not an inherent black mark against banks or paypal that you may also have on your phone. Even if they are malicious and try to steal your info. They are two separate entities, one of which is innocent in the debacle.

What are you talking about?  What has any of that got to do with what I said?


5 hours ago, Crunchy Dragon said:

I didn't think anyone still used tape drives for storing data....

Everyone uses them actually, they are very cost and space effective. There are tapes that can store hundreds of terabytes and are roughly as big as a hard drive. They aren't good for data that is accessed regularly, but for long term backups they are perfect.


2 minutes ago, mr moose said:

"however when various groups swear black and blue that bitcoin is the future due to security and transparency, then when that fails you inevitably draw the ire of those who were told otherwise."

The only failures have been exchanges, not BitCoin. Not blockchain. 


36 minutes ago, HalGameGuru said:

The only failures have been exchanges, not BitCoin. Not blockchain. 

I think you might have missed my point by a long shot.


37 minutes ago, mr moose said:

I think you might have missed my point by a long shot.

then you may wanna go back and either cite some example of what you are talking about or be more specific. Because it sounds a lot like you are saying that the "security and transparency" of "BitCoin" (I think you meant the blockchain) has had occasions of failure. Of those specific selling points. Which is inaccurate.


5 minutes ago, HalGameGuru said:

then you may wanna go back and either cite some example of what you are talking about or be more specific. Because it sounds a lot like you are saying that the "security and transparency" of "BitCoin" (I think you meant the blockchain) has had occasions of failure. Of those specific selling points. Which is inaccurate.

who cares? this has nothing to do with conventional banks vs bitcoin/blockchain/whatever. a third party company lost a physical drive with customer information on it. it can happen to literally any company 
