There was no evidence of customer information being compromised or suspicious activity in a May 2016 incident in which the Commonwealth Bank (CBA) was unable to confirm the destruction of two magnetic tapes which contained historical customer documents, the bank said.
The statement followed media reports this week about the incident, which said the tapes contained customer names, addresses, account numbers and transaction details from 2000 to 2016.
The tapes did not contain passwords, PINs or other date which could be used to enable account fraud, the bank said.
CBA said it tasked KPMG with conducting an independent forensic investigation into the incident in 2016, which determined the most likely scenario was the tapes had been disposed of.
The bank also said it immediately put in place monitoring mechanisms to further protect customers.
“We concluded, given the results of the investigation, that we would not alert customers. We discussed this course of action with the OAIC (Office of the Australian Information Commissioner) who subsequently advised that it did not intend to take any further action in relation to the matter,” CBA acting group executive, retail banking services, Angus Sullivan said.
“We have, however, been contacted by the OAIC this week for additional information about this matter and the actions CBA undertook in 2016.”