Earlier this month, the Commonwealth Bank of Australia disclosed that around 650 emails containing the data of approximately 10,000 customers, intended for internal staff members, were inadvertently sent to the external domain cba.com rather than the bank’s own domain, cba.com.au.
Although this security breach occurred more than a year ago, it is only now being brought to light as the CBA prepares to contact its customers and assure them that the issue has been fully resolved. Be that as it may, this raises some very concerning questions for everyone in business – the most important being: what are the chances this could happen to us?
Let’s be clear – what we are talking about here isn’t just someone searching for you on Google and ending up at the website of someone based overseas with a name similar to yours. What has resulted in this situation is the potential for full disclosure of private and confidential details of clients – some of whom may never trust that business again.
Add the new Data Breach Notification Laws to this problem, and you now have an obligation to advise these clients of the betrayal of their trust – all in all, not a great day/week/month/year no matter what business you are in!
Accidentally typing the wrong domain when composing an email address is easy for any one of us to do. Unless you own all other variants of your domain name, chances are someone could take advantage of that human error by maliciously setting up a receiving mail server and a list of email addresses in an effort to intercept data intended for your legitimate domain.
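One way to catch this kind of slip before a message leaves the organisation is to hold any outbound email whose recipient domain is a near-miss of your own. The Python sketch below is an added example, not part of the original article or any CBA tooling; the function names, the typo threshold and the sample recipient header are assumptions made for illustration.

```python
from email.utils import getaddresses

# Assumption: the organisation's legitimate mail domain (taken from the incident above).
OWN_DOMAINS = {"cba.com.au"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain: str, own=OWN_DOMAINS, max_typos: int = 2) -> str:
    """Return 'internal', 'lookalike-typo', 'lookalike-suffix' or 'external'."""
    d = domain.lower().rstrip(".")
    if any(d == o or d.endswith("." + o) for o in own):
        return "internal"                      # our domain or one of its subdomains
    for o in own:
        if edit_distance(d, o) <= max_typos:   # e.g. cba.con.au, cab.com.au
            return "lookalike-typo"
        if d.split(".")[0] == o.split(".")[0]:  # same name, other suffix: cba.com
            return "lookalike-suffix"
    return "external"

def review_recipients(header_value: str) -> list[tuple[str, str]]:
    """Return (address, verdict) for each recipient on a near-miss domain."""
    hits = []
    for _name, addr in getaddresses([header_value]):
        verdict = classify_domain(addr.rpartition("@")[2])
        if verdict.startswith("lookalike"):
            hits.append((addr, verdict))
    return hits

# Constructed sample "To:" header, not taken from any real message.
SAMPLE_TO = ("Ops <ops@cba.com.au>, Jane <jane@cba.com>, "
             "raj@cba.con.au, vendor@example.org")

if __name__ == "__main__":
    for addr, verdict in review_recipients(SAMPLE_TO):
        print(f"HOLD for confirmation: {addr} ({verdict})")
```

With a short domain name the typo threshold will occasionally match unrelated domains, so the result is best used to prompt the sender for confirmation rather than to silently block.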
If you are concerned about potential domain imposters, or aren’t really sure which domains you actually do own, get in touch with the Innovations Team for a no-obligation domain review to gauge your risk and mitigate what you can.