The Commonwealth Bank of Australia (CBA) has once again found itself in the spotlight for the potential mishandling of customer information, admitting it had sent over 650 incorrectly addressed internal emails.
The bank said on Friday it had completed an investigation that was initiated after a concern was raised about internal CBA emails being inadvertently sent to email addresses using the cba.com domain, prior to taking ownership of that domain in April 2017.
Its usual email domain is cba.com.au.
According to the bank, the cba.com domain name was first used by US-based financial services firm Cheslock Bakker & Associates up until the 2016-17 period, where it was used by a US cybersecurity firm.
CBA found that 651 internal emails sent during 2016-17, which contained data relating to approximately 10,000 customers, were received by the then user of the cba.com domain.
"An extensive and detailed investigation by CBA confirmed the contents of all 651 internal emails were automatically deleted by the cba.com domain owner's system, which only collected information on CBA sender and recipient email addresses and the subject of the email," the bank wrote in a statement on Friday.
The bank claims its investigation found that the emails and any associated data had not been used and were permanently deleted from the domain owner's servers.
"We want our customers to know that we are committed to being more transparent about data security and privacy matters," CBA acting group executive Retail Banking Services Angus Sullivan said.
"Our investigation confirmed that no customer data has been compromised as a result of this issue. We acknowledge however that customers want to be informed about data security and privacy issues and we have begun contacting affected customers."
The bank said that from January last year