CBA staff sent emails to domain by mistake

About 10,000 customers to be contacted.

The Commonwealth Bank has secured and blocked a .com domain that was the inadvertent recipient of 651 internal emails over the course of a year.

The bank said in a disclosure today that internal CBA emails were being sent to email addresses ending in instead of

An investigation identified 651 such emails that had been sent in error during 2016-17, “which contained data relating to approximately 10,000 customers”.

The bank said its investigators had “confirmed the contents of all 651 internal emails were automatically deleted by the domain owner’s system, which only collected information on CBA sender and recipient email addresses and the subject of the email”.

“CBA’s investigation confirmed that the emails and any associated data had not been used and were deleted permanently from the domain owner’s servers,” it said.

The bank said that no customer data had been compromised but that it had started to contact customers whose data was affected.

It took steps to prevent more emails being sent to the wrong domain, firstly by blocking internal emails addressed to the domain in January 2017.

In April 2017, it made a more permanent fix by buying the domain.

“Since that time any emails inadvertently addressed to have been returned as ‘undeliverable’,” the bank said.

The domain was originally owned by a US-based financial services company, then bought by a cybersecurity company and ultimately by the bank.
