This article reports that Commonwealth Bank of Australia (CBA) accidentally sent the data of 10,000 customers to a wrong email address for more than three years. The data included names, addresses, account numbers, and statements of customers who had accounts with the bank's subsidiary, CommInsure.
The bank discovered the error in 2016 and notified the Australian Prudential Regulation Authority (APRA) and the Office of the Australian Information Commissioner (OAIC). The bank said it had no evidence that the data was misused or compromised, and that it had taken steps to prevent such incidents from happening again. The bank also offered free credit monitoring and identity theft protection to the affected customers.