Malaysia's CIMB says backup tapes containing banking customer data lost

Malaysia's CIMB says backup tapes containing banking customer data lost

Workers clean signage of CIMB bank in Kuala Lumpur on May 8, 2015. (Photo: AFP/ Mohd Rasfan) 

KUALA LUMPUR: Malaysia's CIMB Group Holdings Bhd on Monday (Nov 13) said some magnetic tapes containing backup customer data were lost during routine operations, adding that there has been no evidence so far that any data has been compromised.

The tapes do not contain any authentication data such as PIN numbers, passwords or credit card security numbers, the country's second biggest lender said in a statement.

"Several magnetic tapes containing back-up data were physically lost in transit during routine operations. Some of these tapes contain customer information of CIMB Bank and its subsidiaries," it said.

"Following a thorough and ongoing assessment, there is currently no evidence that any of this information has been compromised."

The bank said it was working with relevant authorities and taking steps to protect customers. It did not say when the tapes were lost.

CIMB said it has heightened security measures following the loss of the tapes, including temporarily suspending some services via its call centre. Such services include the change of address, telephone number and/or email address for credit cards. 

It also added that no action is required on the part of customers. 

In a separate statement, Malaysia's central bank said it has been assured by CIMB that "necessary precautionary measures and mitigation actions have been taken to manage any possible negative impact arising from the loss of the tapes".

Singapore's Monetary Authority of Singapore (MAS) also released a statement saying that it has "directed CIMB Singapore branch to ascertain the extent of the data loss and to take necessary measures to protect its customers". 

MAS also advised CIMB Singapore customers to consider changing their user IDs and passwords "should these be similar to other personal data such as their NRIC numbers and addresses". 

"Banks operating in Singapore are expected to have in place measures to safeguard the confidentiality of customer information. MAS will not hesitate to take action against banks that fail to do so," it said.

Earlier this month, Malaysia said it was investigating an alleged attempt to sell data of more than 46 million mobile phone subscribers online, in what appeared to be one of the largest leaks of customer data in Asia.

Source: Reuters/CNA/ad

Bookmark