A well placed source said CBA was contacting more than 20,000 customers in the wake of the breach.
«As part of the data incident, customer information relating to property valuations was found hidden on the internet,» the bank, Australia’s biggest lender, said in a statement.
«The customer information that was disclosed relates directly to the valuations completed by LandMark White and includes customer name; contact details such as phone or email address; and details about the valued property.»
The CBA statement said no bank account information was disclosed in the breach and apologised to customers for the incident.
«We take the protection of data and security incidents very seriously. The safety and security of our customers’ information is of paramount importance to us, which is why we have immediately suspended using LandMark White while we investigate how this occurred,» the statement said.
LandMark White has set up a website for its customers and said there was no evidence of misuse of any information although that position remained «under close review».
«We are working closely with experts in IT and cybersecurity as well as our corporate partners, to achieve the best possible outcome for our clients,» LandMark White chief executive Chris Coonan said.
»LandMark White acted immediately, employing independent experts in data breaches and cyber security to assist with the investigation into the incident.»
Mr Coonan said the company had also notified authorities as soon as it became aware of the issue adding the extent of the disclosure was still unclear.
»Although LandMark White’s investigation is ongoing, we have taken immediate steps to prevent any further disclosure of data. Currently there is no evidence of misuse of any information,» Mr Coonan said.
»We will share new information as soon as possible.»
ANZ chief data officer Emma Gray said the bank was still working out how its customers were affected.
»We will contact them directly to outline potential impacts and how we will support them,» Ms Gray said.
«At this stage we understand a very small percentage of our customers who had valuations undertaken between November 2015 and December 2018 are potentially impacted.»
She said ANZ had suspended the use of LandMark White and had no reason to believe other valuers were involved in the breach.
«ANZ takes its privacy obligations very seriously and we are extremely disappointed this incident has occurred,» she said.
A NAB spokesperson said it was also identifying and contacting customers.
Carolyn Cummins is Commercial Property Editor for The Sydney Morning Herald.