Commonwealth Bank of Australia mistakenly sent emails containing customer data to another company after staff inadvertently used the wrong email domain.
The bank said June 1 that no customer data had been compromised as a result of the issue. The emails contained data relating to about 10,000 customers.
An investigation found that the bank's internal emails were being sent to email addresses using the cba.com domain before April 2017 when the bank acquired the domain. CBA's domain is cba.com.au. The cba.com domain was first used by a U.S.-based financial services firm Cheslock Bakker & Associates to the 2016-2017 period, after which it was used by a U.S. cyber-security company.
The bank sent 651 internal emails during 2016-2017 to the wrong domain. The bank found that the contents of the internal emails were deleted by the cba.com domain owner's system. The emails and associated data were not used and were permanently deleted from the cba.com domain owner's servers.
