trending Market Intelligence /marketintelligence/en/news-insights/trending/dkkyoweogbqn0svnmwr-pq2 content esgSubNav
In This List

CBA says no customer data compromised after email domain mistake

Podcast

Street Talk Episode 87

Blog

A New Dawn for European Bank M&A Top 5 Trends

Blog

Insight Weekly: US banks' loan growth; record share buybacks; utility M&A outlook

Blog

Banking Essentials Newsletter 2021: December Edition


CBA says no customer data compromised after email domain mistake

Commonwealth Bank of Australia mistakenly sent emails containing customer data to another company after staff inadvertently used the wrong email domain.

The bank said June 1 that no customer data had been compromised as a result of the issue. The emails contained data relating to about 10,000 customers.

An investigation found that the bank's internal emails were being sent to email addresses using the cba.com domain before April 2017 when the bank acquired the domain. CBA's domain is cba.com.au. The cba.com domain was first used by a U.S.-based financial services firm Cheslock Bakker & Associates to the 2016-2017 period, after which it was used by a U.S. cyber-security company.

The bank sent 651 internal emails during 2016-2017 to the wrong domain. The bank found that the contents of the internal emails were deleted by the cba.com domain owner's system. The emails and associated data were not used and were permanently deleted from the cba.com domain owner's servers.