CIMB Malaysia: No data compromised through lost tapes

Malaysia's CIMB Group said some magnetic tapes containing back-up customer data have been lost but added that there has been no evidence that any data has been compromised.

Malaysia's second-biggest lender said the tapes do not contain any authentication data such as pin numbers, passwords or credit card security numbers.

"Several magnetic tapes containing back-up data were physically lost in transit during routine operations. Some of these tapes contain customer information of CIMB Bank and its subsidiaries," it said. "Following a thorough and ongoing assessment, there is currently no evidence that any of this information has been compromised."

The bank said it was working with relevant authorities and taking steps to protect customers. It did not say when the tapes were lost. CIMB said it has heightened security measures following the loss of the tapes, including temporarily suspending some services via its call centre.

A spokesman for the Monetary Authority of Singapore (MAS) said that "as the incident occurred in Malaysia, MAS has been in touch with Bank Negara Malaysia. MAS has directed CIMB Singapore branch to ascertain the extent of the data loss and to take necessary measures to protect its customers".

MAS said CIMB is implementing enhanced security measures to safeguard affected customers.

It also advised customers of CIMB Singapore to exercise vigilance and closely monitor SMS and other alerts from their financial services providers.

The spokesman said: "Customers should consider changing their user IDs and passwords should these be similar to other personal data such as their NRIC numbers and addresses."

The MAS added that banks operating in Singapore are expected to have in place measures to safeguard the confidentiality of customer information. "MAS will not hesitate to take action against banks that fail to do so," the spokesman added.

CIMB said yesterday that as these are back-up tapes, CIMB still has the customer information. The bank "has heightened security measures across all channels, including temporarily suspending some services via its call centre, for example, change of address, telephone number and/or e-mail address for credit cards."

CIMB's group chief executive, Tengku Datuk Sri Zafrul Aziz, said: "We take our responsibility to our customers very seriously and we are confident the measures we have put in place will maintain the safety of customer transactions. Although this was an isolated incident, we have reviewed and further strengthened our security and internal processes to ensure that we remove the possibility of it recurring."

A version of this article appeared in the print edition of The Straits Times on November 14, 2017, with the headline 'CIMB Malaysia: No data compromised through lost tapes'. Print Edition | Subscribe