In May 2018, Buzzfeed broke the news that the Commonwealth Bank of Australia (CommBank) lost the personal financial histories of 12 million customers and chose not to reveal the breach to those impacted. In one of the most advanced financial services privacy breaches ever to occur in Australia, its largest bank lost control of 10 years’ worth of customers’ financial information when a subcontractor lost several tape drives containing banking statements from 2004 through 2014.
The breach occurred in 2016 when the bank’s subcontractor was decommissioning a data center where some CommBank customer data was stored. The bank’s backup magnetic tape drives of financial statements were believed to have been sent to be destroyed, but when a destruction certificate for the data wasn't found by May 2016, CommBank launched an investigation to find out what happened to the data.