Data breach exposes 8000 CBA credit card holders

By Darren Pauli on May 27, 2011 1:19 PM
Filed under Security
 

Penalties considered after Mastercard, Visa investigation.

The Commonwealth Bank has cancelled some 8000 credit cards after it detected a data breach at a merchant.

CommBank noticed fraudulent transactions over its network and alerted card issuers Visa and MasterCard, the breached merchant and its acquiring bank, and affected customers.

The bank did not release the name of the affected merchant and its acquiring bank, or when the breach occurred.

“[CommBank] continuously monitors all credit card transactions to protect our customers from fraud and during this process we became aware of a potential credit card compromise through an Australian merchant acquired by another bank,” a spokesperson said.

“Customer cards are being reissued as a matter of priority.”

Other banks have since reportedly moved to take action.

Mastercard and Visa may issue penalties including fines to the acquiring bank, not CommBank, under the payment industry’s PCI-DSS compliance rules.

The rules impose minimum security standards on merchants according to their size. It demands, among other requirements, that credit card data be encrypted so it could not be read in the event of a data breach.

The severity of the penalties will depend on the merchant’s standard of PCI-DSS compliance at the time of the breach.

The acquiring bank may pass on the penalties to the merchant, but it is common practice in Australia for the banks to absorb the costs.

Australia's Privacy Commissioner is aware of the breach, but did not say if it is investigating the incident.

Copyright © SC Magazine, Australia


Data breach exposes 8000 CBA credit card holders
Yumi Kimura, CC BY-SA 2.0
3 comments in this discussion
"This isn't about the BANK it's the Merchant who was breached that needs to disclose the breach to it's customers so they and the public can choose whether they should accept the risk of doing ..."
By BaysNet
 
Tags
data breach, cba
Related Articles
Breaking Stories
 
Readers of this article also read...
 
Comments: 3
BaysNet
May 27, 2011 3:40 PM
 There is one standard for compliance with a range of compliance validation and reporting requirements up to full external audit by a PCI-DSS QSA which may be imposed on merchants of any level if you were seen as a risk or filled in the self assesmsnt questionaire badly or had a breach whatever the size of the merchant.
scradley87
May 28, 2011 8:37 AM
 It's probably also worth noting that it isn't just Commonwealth that was affected here but some of the other major players too.

http://www.theaustralian.com.au/australian-it/commonwealth-bank-cancels-thousand-of-credit-cards-fearing-fraud/story-e6frgakx-1226064079099
BaysNet
May 30, 2011 8:30 AM
 This isn't about the BANK it's the Merchant who was breached that needs to disclose the breach to it's customers so they and the public can choose whether they should accept the risk of doing business with them!
Comments have been disabled for this article.
 
 
Top Stories
NBN Co could miss revised June fibre targets
NBN Co could miss revised June fibre targets
Analysis: Cutting it fine in the race to the line.
 
Review: Sydney's Opal smartcard
Review: Sydney's Opal smartcard
It's no Oyster card.
 
Rackspace puts price premium on Aussie public cloud
Rackspace puts price premium on Aussie public cloud
At least 17 percent more compared to US instances.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

iTnews Academy: Microsoft Windows Server 2012 - Hyper-V
iTnews Academy: Microsoft Windows Server 2012 - Hyper-V
Interview: Australia's 'cloud-last' policy is dangerous.
Interview: Australia's 'cloud-last' policy is dangerous.
Interview: Vivek Kundra on Australia's 'cloud last' policy
Bankwest builds continuous delivery capability
Bankwest builds continuous delivery capability
To automatically deploy test/dev sandboxes by mid-year.
Veterans' Affairs sets sights on modernisation
Veterans' Affairs sets sights on modernisation
Data safe with Human Services, CIO says.
Citi Australia drops platform customisations
Citi Australia drops platform customisations
Technology chief shifts focus from building to leveraging systems.
VicRoads restructures IT team
VicRoads restructures IT team
Department moves to align with industry benchmarks.
Zurich Australia extends IT team offshore
Zurich Australia extends IT team offshore
Malaysian staff served from Australian data centres.
Leigh Berrell - Utilities CIO of the Year
Leigh Berrell - Utilities CIO of the Year
Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.
Wayne McMahon - Retail CIO of the Year
Wayne McMahon - Retail CIO of the Year
Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.
Inside Perpetual's ongoing IT transformation
Inside Perpetual's ongoing IT transformation
CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".
Managing Complexity - Defence's Daniel McCabe
Managing Complexity - Defence's Daniel McCabe
Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.
How Facebook designed the data centre from scratch - Marco Magarelli
How Facebook designed the data centre from scratch - Marco Magarelli
The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.
Modernising Legacy Data Centres - Telstra's Jon Curry
Modernising Legacy Data Centres - Telstra's Jon Curry
Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.
NSW Government launches NABERS data centre rating tools
NSW Government launches NABERS data centre rating tools
Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.
NABERS launch panel: Australian Data Centre Strategy Summit
NABERS launch panel: Australian Data Centre Strategy Summit
Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.
Judges notes: Fortescue Metals [The Benchmark Awards]
Judges notes: Fortescue Metals [The Benchmark Awards]
iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Retail [The Benchmark Awards]
Judges notes: Retail [The Benchmark Awards]
iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: Pacific Aluminium [The Benchmark Awards]
Judges notes: Pacific Aluminium [The Benchmark Awards]
iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Domino's Pizza [The Benchmark Awards]
Judges notes: Domino's Pizza [The Benchmark Awards]
iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: McDonald's Australia [The Benchmark Awards]
Judges notes: McDonald's Australia [The Benchmark Awards]
iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Latest Comments
Powered by Disqus
Polls
Will you quit any cloud services in light of PRISM?
   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 71

Vote
view previous polls »