Commonwealth Bank of Australia has lost track of some 20 million customer statements scheduled for destruction two years ago — records that contain personal details but no passwords or PINs.

The records were stored on two magnetic tapes used to print bank records, the financial institution said this week when announcing the incident. Those tapes were supposed to be destroyed in May 2016. The decision to reveal the loss of the data came after the Office of the Australian Information Commissioner, which focuses on data protection, decided it needed more information about the apparent loss of those records, according to a report in the The Sydney Morning Herald.

“There is no evidence any customer records have been compromised,” said Angus Sullivan, Commonwealth’s acting group executive of retail banking services, in a video message on the bank’s website. “Most likely, the tapes have been disposed of. But without the evidence, we immediately launched an investigation.”

Sullivan said Commonwealth contacted its regulators. The investigation revealed that the tapes held no data that could enable account fraud, only information such as customer names, addresses, account numbers and transaction details. The investigation, for which the bank hired KPMG, also found no sign of any cyber breaches or that anyone had broken into the financial institution’s technology platforms, systems, services, apps or website.

Source: PYMNTS