Key points:
- Commonwealth Bank assures customers that its Australian technology and systems are separate from its Indonesian subsidiary.
- The subsidiary experienced unauthorised access to a project management software application.
- 11 customers’ data, mostly staff members, were accessed but no banking details were compromised.
- No further details were provided regarding the nature of the incident or the responsible party.
- The bank is working with its subsidiary to address the issue.
The Commonwealth Bank of Australia has reassured its customers that its Australian technology and systems are not connected to those of its Indonesian subsidiary, which recently experienced a cyber incident.
The incident involved “unauthorised access” to a software application used for project management, although further details about the nature of the cyber incident or who was responsible for the unauthorised access were not provided.
According to sources cited by The Australian, the incident involved 11 customers’ data, mostly staff members of PT Bank Commonwealth, being accessed by an external party. However, no banking details were accessed. Commonwealth Bank has released a statement saying that PT Bank Commonwealth’s services continue to operate normally and that the Australian bank’s systems are segregated from PTBC’s systems.
The bank is working closely with PTBC to support their efforts in this matter.
Cyber-attack on Commonwealth Bank’s Indonesian subsidiary highlights needs for increased financial institution security
The cyber incident at Commonwealth Bank’s Indonesian subsidiary has raised concerns about the security of financial institutions and the potential risks of cyber-attacks. This incident follows high-profile cyber-attacks on other major companies, such as Optus and Medibank Private, last year. Commonwealth Bank CEO Matt Comyn has previously stressed the importance of companies and financial institutions being vigilant and prepared for cyber threats.
In response to these incidents, the Australian Prudential Regulation Authority (APRA) has announced that it is undertaking significant cyber security supervisory work. APRA Chairman John Lonsdale has stated that the regulator expects swift remediation if problems are identified at the entity level. Other major banks in Australia, such as National Australia Bank, have also reported fending off millions of attempts to access their systems every month.
The cyber incident at Commonwealth Bank’s Indonesian subsidiary serves as a reminder of the need for financial institutions to prioritise cyber security and take measures to protect their systems and customers’ data.
