CIMB reports loss of back-up data, suspends selected services


CIMB Group Holdings Bhd has confirmed several magnetic tapes containing back-up data including customer information, were “lost during routine operations” but reaffirmed the lost data had not been compromised.

The country’s second-largest lender based on asset said it was working with the relevant authorities and taking the necessary security measures to protect the bank’s customers.

The bank has also heightened security measures across all channels, including temporarily suspending some services via its call centre — eg change of address, telephone number and/or email address for banking/credit cards; third-party fund transfer or payment for customers without T-Pin; and T-Pin creation or requests.

“Following a thorough and ongoing assessment, there is currently no evidence that any of this information has been compromised. The tape data does not contain any authentication data such as PINs, passwords or credit card CVV numbers,” the lender said in a statement to Bursa Malaysia.

The bank said CIMB still retains all customer information as the lost files were back-up data.

It urged CIMB customers to be extra vigilant and refer only to official CIMB channels such as the bank’s website, call centre and branches.

“We take our responsibility to our customers very seriously and we are confident the measures we have put in place will maintain the safety of customer transactions,” CIMB group CEO Tengku Datuk Seri Zafrul Aziz Abdul Aziz (picture) said.

“Although this was an isolated incident, we have reviewed and further strengthened our security and internal processes to ensure that we remove the possibility of it recurring.

“We apologise for the inconvenience that our heightened security measures may cause to our customers in the interim.

“Know that we are working very closely with all relevant authorities to mitigate any risk arising from this incident,” Tengku Zafrul said.

CIMB, however, did not divulge how and when the back-up tapes, which contained CIMB Bank Bhd’s and its subsidiaries’ customer information, were “physically lost”. It is not known how many records were stored in these tapes.

Meanwhile, Bank Negara Malaysia (BNM) said it was informed of the tapes lost incident by CIMB.

“We were assured by CIMB that the necessary precautionary measures and mitigation actions have been taken to manage any possible negative impact arising from the loss of the tapes,” the central bank said in a statement.

“Members of the public are advised to continue to be vigilant in safeguarding their personal information,” said the central bank.

Lenders traditionally back up their transactions data and stored the information separately from their centralised server system, as part of the security measure in the event of main system failure, or data lost.

Worries over data lost heightened recently after it was exposed that over 46 million records were stolen from various telecommunications companies and medical associations. It was believed to be the biggest data breach in the country.

The leaked data included names, phone numbers, personal addresses and serial information, in the form of international mobile equipment identity and international mobile subscriber identity numbers.