Buck up on data handling security, CIMB told


CIMB Group Holdings Bhd has been told to improve its security measures in the handling, management and operation of sensitive information following the loss of personal data backup tapes.

Deputy Communications and Multimedia Minister Datuk Seri Jailani Johari said that the government is concerned over the tape loss incident and had took the necessary actions after it was reported by the lender.

He said all companies that are handling consumers’ personal data, including CIMB, should adhere to the regulations detailed by the Malaysian Communications and Multimedia Commission (MCMC).

“We are concerned on the case which could lead to breach of personal data.

“However, for CIMB, what was lost in transit was the physical tape itself, and not so much of the data,” Jailani told The Malaysian Reserve at the Parliament yesterday.

CIMB on Monday confirmed that several magnetic tapes containing back up data were physically lost in transit during routine operation.

Jailani said all companies must comply with the General Consumer Code of Practice for the Communications and Multimedia Industry, which details necessary steps to be taken on handling personal data of consumers.

Under the code, operators are responsible to protect their clients’ personal data. He said CIMB’s loss tape case is currently being investigated by the police as possible theft of the tapes falls under police purview.

“The Department of Personal Data Protection will step in to assist the investigation,” he added.

Jailani commended CIMB’s management for owning up to the tape loss and had put in the necessary measures to improve security.

CIMB had heightened security measures across all channels following the loss of several magnetic tapes containing back-up data.

The bank also clarified that the missing tapes did not contain any authentication data such as Personal Identification Numbers (PINs), passwords or credit card verification value (CCV) numbers.

“Some of these tapes contain customer information of CIMB Bank Bhd and its subsidiaries. Following a thorough and ongoing assessment, there is currently no evidence that any of this information has been compromised,” it said.

CIMB also had temporarily suspended some services via its call centre such as change of address, telephone number and/or email address for banking/credit cards; third-party fund transfer or payment for customers without T-Pin; and T-Pin creation or requests.

CIMB Group CEO Tengku Datuk Seri Zafrul Aziz had said that the bank takes it responsibility very seriously and is confident that the measures put in place will maintain the safety of customer transactions.

“Although this was an isolated incident, we have reviewed and further strengthened our security and internal processes to ensure that we remove the possibility of it recurring,” he said.