Like many large organisations, we see a lot of different targeted cyber security activity nearly every day, from email scams to more coordinated and sophisticated attempts. We have advanced monitoring and dedicated cyber security experts and processes in place that help us deal with these types of events and keep our customers’ information and finances safe.
We understand that the South Australian Police have charged a youth with offences relating to causing unauthorised impairment to electronic systems, one of which was an event against Commonwealth Bank in February 2016.
We can confirm that this was a distributed denial of service (DDoS) event and as such this had the potential to cause serious disruption to our services.
We take these matters very seriously and our security monitoring and processes worked effectively. We responded immediately to minimise any disruption to our customers. Some customers were unable to access some of their services for a time as a result of these actions, but full services were quickly restored.
We can assure our customers that their funds and information were not at risk at any time.
We are cooperating fully with the police and we will not comment whilst this matter is before the courts.
Further information: DDoS involves many different devices (sometimes distributed around the world) repeatedly making requests for information so as to overwhelm an organisation’s resources or websites, and to stop or hinder its ability to provide customer services. A DDoS event is about stopping customers from accessing online services, not about breaking into accounts or systems. A simple analogy is to imagine that at your local bank there was a huge crowd of people at the front door preventing you from entering. You wouldn’t be able to complete your transaction, and it would be very inconvenient, but your money would be safe inside the vault in the bank.