Commbank has uncovered an issue that allowed sensitive medical information about clients to be accessed by unauthorised staff

While preparing for the divestment of CommInsure for $3.8 billon to AIA,  Commbank has uncovered an issue that allowed sensitive medical information about clients to be accessed by unauthorised staff.

The bank discovered that an internal group-wide system also has access to CommInsure linked systems and data.

The Bank is reviewing access logs to find out whether data was inappropriately viewed by unauthorised employees.  CBA has also called in McGrathNicol Advisory to provide independent oversight of the CBA’s investigation of the data sharing arrangements.

Discovered around late July, the Bank has not yet informed customers, choosing to wait for the results of the review to find out whether there has been any inappropriate access.

As reported by the ABC, it is unclear whether the data sharing and internal security controls themselves would constitute a data breach under Australia’s mandatory notification scheme.

Click here to subscribe to Alerts by ADPCR, and get data breach & security alerts delivered directly to your inbox.
Latest News
More News

Stay informed and in control.
Get notified when a data breach hits.

Get free alerts to assess whether your accounts are compromised or at risk.
Subscribe to Alerts