ANZ has closed an older security hole in its online eStatements service, but at the same time opened up a new hole that exposed the personal details of some of its customers.
The bank previously pulled the service after it was discovered that electronic bank statements were being stored in web browsers' history functions, leaving them vulnerable to snooping on public computers. While that security hole has been fixed and brought back into use, ANZ has unwittingly allowed a small number of users to access other people's statements.
ANZ said that it became aware of the issue through its own internal monitoring processes, and from concerned customers who had called the bank, and as a result immediately disabled online statements again. It said that it was aware of only a small number of instances in which users received someone else's statements and estimated that about 60 customers were affected.
Meanwhile, ANZ has stated that it has advised the privacy commissioner of the incident and will be contacting impacted customers to brief them on the situation.
"This is a regrettable incident that will be investigated fully and we apologise to our customers," the bank said.