ANZ closes security hole, opens another

Summary:ANZ has closed an older security hole in its online eStatements service, but at the same time opened up a new hole that exposed the personal details of some of its customers.

ANZ has closed an older security hole in its online eStatements service, but at the same time opened up a new hole that exposed the personal details of some of its customers.

The bank previously pulled the service after it was discovered that electronic bank statements were being stored in web browsers' history functions, leaving them vulnerable to snooping on public computers. While that security hole has been fixed and brought back into use, ANZ has unwittingly allowed a small number of users to access other people's statements.

ANZ said that it became aware of the issue through its own internal monitoring processes, and from concerned customers who had called the bank, and as a result immediately disabled online statements again. It said that it was aware of only a small number of instances in which users received someone else's statements and estimated that about 60 customers were affected.

Meanwhile, ANZ has stated that it has advised the privacy commissioner of the incident and will be contacting impacted customers to brief them on the situation.

"This is a regrettable incident that will be investigated fully and we apologise to our customers," the bank said.

Topics: Security, Banking

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.