CommInsure insurance arm leaked the data to other bank arms

Dec 4, 2018 19:48 GMT

Australia's Commonwealth Bank hired consultancy firm McGrathNicol to oversee an ongoing investigation into a potential data breach, following the disclosure of customer medical data between the bank's various arms.

According to ABC News' report, the privacy breach was detected at the end of July 2018 when the bank was preparing to sell its CommInsure insurance arm to the AIA pan-Asian life insurance group.

Moreover, "Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including 'to staff who decide whether to approve or decline loan applications,'" said ABC Investigations' Dan Oakes.

Although no evidence was found that unauthorized external parties accessed the customer medical information, Commonwealth Bank still informed the Australian data protection watchdogs.

So far, according to ABC News, the Australian Securities and Investments Commission (ASIC), the Office of the Australian Information Commissioner, and the Australian Prudential Regulation Authority (APRA) have been informed about the possible CommInsure data breach.

The bank did not disclose the number of customers potentially affected by the incident

However, despite notifying all Australian watchdogs, Commonwealth Bank decided not to inform any of the customers who might have been impacted by the potential breach given that the bank staff does not think the data was exposed.

"We understand that some customers will be concerned about this shared internal access and we are taking steps to ensure access to all sensitive information associated with CommInsure is provided on a need to know basis," a Commonwealth Bank spokesperson told ABC News.

So far, the bank has not provided any details on the exact data that might have been compromised during the privacy incident, nor has it given the exact number of impacted customers.

Furthermore, Commonwealth Bank refused to make a spokesperson available despite multiple requests for extra information regarding the incident.