Commonwealth Bank of Australia admitted that 650 emails with costumers information sent to out side location.
Who doesn’t confused when it comes to email domains? The Commonwealth Bank of Australia (CBA) certainly did. The bank has admitted that over 650 emails containing information on around 10,000 customers that were supposed to be sent internally were sent to an external domain. The emails were addressed to cba.com instead of cba.com.au. The bank does now own the domain of cba.com since April of last year, however when these emails were sent, the domain was owned by US-based financial services firm Cheslock Bakker & Associates, and later a cyber security firm.
While the bank freely leaked customer information through misaddressed emails, luckily it seems those customer’s information can’t be utilized as the receiving server automatically deleted the files upon delivery. In the banks statement, they explain, “An extensive and detailed investigation by CBA confirmed the contents of all 651 internal emails were automatically deleted by the cba.com domain owner’s system, which only collected information on CBA sender and recipient email addresses and the subject of the email.”
Since the bank purchased the .com domain, they have disabled the receipt of email. Any emails sent to cba.com will be returned to the sender as undelivered.