03 Dec Medical Information of Commonwealth Bank Customers Exposed in Breach
Reports of a breach that may have affected the confidential medical information of Commonwealth Bank customers surfaced this week. However, the bank’s insurance arm, CommInsure, said that it did not inform its customers as it believed that the incident did not constitute a breach of privacy.
The bank said since discovering the potential breach back in July, it had been scouring records to check whether data was “accessed inappropriately” by employees. It then informed the Office of the Australian Information Commissioner, the Australian Security and Investment Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) that there was no evidence of staff outside CommInsure accessing the personal data of CommInsure customers.
Australia’s notifiable data breaches scheme requires the bank to inform customers if their personal information had been accessed by an unauthorized party, or if there had been a loss of personal information, and if the incident results in serious harm to one or more individuals.