The Commonwealth Bank of Australia (CBA) has acknowledged that its Indonesian subsidiary PT Bank Commonwealth (PTBC) has suffered a “cyber incident” after a hacker claimed to stolen customer data.
CBA made a voluntary announcement to the ASX acknowledging the attack on Wednesday afternoon.
“The incident relates to the authorised access of a web-based software application used for project management.”
The bank said that PTBC’s services are operating as normal and that their systems are segregated from CBA’s systems.
Earlier, a user posted on Telegram claiming to have breached PTBC’s systems and obtained data including account numbers, balances and transaction information.
“We do have Un-Published data of 162 million users,” they wrote in their message.
The user is selling the data for $620,000 of an unspecified denomination. Crikey was not able to independently verify the data as, unlike in the recent Optus and Medibank hacks, the user hasn’t published a sample.
CBA did not provide an on-the-record comment about how many users had been affected but Crikey also understands that CBA disputes the hacker’s number and has only confirmed 11 records of nine individuals affected so far.
“We can provide samples 2M [2 million] lines for 8000. This is to prevent time wastrs / media from PM’ing us and redistribution of samples,” they wrote.