CIMB’s lost data due to staff negligence

By MARK RAO / Pic By TMR File

The back-up data that was lost by CIMB Group Holdings Bhd during routine operations was due to staff negligence, Inspector General of Police (IGP) Tan Sri Mohamad Fuzi Harun said.

He also said that the case does not involve any elements of sabotage.

“The issue involves internal problems within CIMB and they have also taken the necessary security measures while issuing a statement regarding the matter,” Mohamad Fuzi was quoted as saying in a Bernama report yesterday.

CIMB, he said has lodged a police report regarding the lost magnetic tapes on the day of the incident itself at Balai Polis SEA Park in Petaling Jaya.

The case is currently being probed under Section 379 of the Malaysian Penal Code.

“If they need police assistance, we will help and the case will be handled by Bukit Aman’s Commercial Crime Investigation Department,” the IGP reportedly said.

CIMB — Malaysia’s largest financial institution based on assets managed — announced on Monday that several magnetic tapes which included customers’ information were physically lost during its everyday operations on the same day.

The bank clarified that the lost back-up data did not include PINs (personal identification numbers), passwords or credit card CVV (card verification value) number.

However, as a precautionary measure, the bank opted to temporarily suspend some of its services.

This includes the suspension of its call-centre service, thirdparty fund transfer or payment for customers without T-PIN and T-PIN creation or requests.

CIMB also said currently there is no evidence suggesting that the lost information has been compromised in any way, and they were unable to comment further.

The Malaysian Reserve (TMR) reported yesterday that the case is under the purview of the police and is currently being investigated with the assistance of the Department of Personal Data Protection.

Deputy Communications and Multimedia Minister Datuk Seri Jailani Johari urged the bank to improve on security measures for better handling and management of sensitive information.

Meanwhile, Association of Banks in Malaysia ED Kalpana Sambasivamurthy said the member banks under the organisation have taken steps to protect their customers following the case.

“Our member banks take serious view towards the issue of security and relevant measures been taken to safeguard the assets of their customers,” Kalpana told TMR in a statement.

Both the central banks of Malaysia and Singapore, namely Bank Negara Malaysia and Monetary Authority of Singapore, acknowledged that they were aware of the situation and advised bank customers to safeguard their information.