The ANZ Bank has disabled its online statement service after a technical error matched newly uploaded bank statements to the wrong accounts.
About 60 customers downloaded bank statements that were not their own on Sunday, when ANZ attempted to reinstate the service after a three-week hiatus.
ANZ suspended its online statement service in mid-December after SC Magazine reported a security flaw in how statements were stored permanently in web browser histories once viewed.
It attempted to reinstate the service last weekend, but statements were online for only 24 hours until the service was shut down again on Monday morning.
An ANZ spokesman said it was investigating the statement matching glitch, which affected an undisclosed number of accounts within the first batch of statements that were uploaded.
“A small number of customers may have been able to view another customer’s statement,” he said of the breach, which was first reported by The Australian.
“While we are only aware of a small number of instances we immediately decided to disable online statements until the issue is fully resolved.”
As of Thursday morning, the bank was still in the process of calling those customers affected by the 60 erroneous downloads.
It had also informed Privacy Commissioner Timothy Pilgrim of the breach. The Commissioner said he was "pleased to see" ANZ's prompt response.
ANZ’s spokesman did not specify when it would reinstate the online statement service, noting that it was taking the issue seriously.