• CIMB Heightens Security Measures To Safeguard Customers’ Transactions - FAQ

Frequently Asked Questions  

BM Version | Mandarin Version

1. Can you tell me what has happened and how the incident occurred?

We can confirm that several magnetic data tapes containing back-up data belonging to CIMB Bank were physically lost in transit during routine back-up operations. Following a thorough assessment, there is currently no evidence that any of this information has been compromised. Whilst some of the back-up tapes do contain customer information of CIMB Bank and its subsidiaries, we would like to reassure you that they do not contain any authentication data such as PINs, passwords or credit card CVV numbers.

2. What kind of data did the back-up tapes contain?

Due to the ongoing investigation, we cannot reveal the exact contents of the tapes. However, we can confirm that authentication data such as PIN numbers, credit card CVV and passwords were not on the tapes.

3. Has the bank lost my data?

As these are back-up tapes, we can confirm that CIMB still has all its customer data.

4. Who is affected by this incident?

The data on the back-up tapes only relates to some customers of CIMB Bank and its subsidiaries. CIMB still has all it customer data.

5. What actions is CIMB taking to recover the back-up tapes and ensure this does not happen again?

This was an isolated incident and we have reviewed and further strengthened our security and internal processes to ensure that we remove the possibility of it recurring. We are working closely with all the relevant authorities and taking the necessary measures to mitigate any risk arising from this incident. In response to this incident, we have decided to adopt a conservative approach to data protection and security, and heightened security measures across all channels, including temporarily suspending some services via its call centre. We apologise for the inconvenience that these heightened security measures may cause to our customers in the interim.

Some of the services which have been temporarily suspended at Call Centre are:

- Change of address, telephone numbers and/or email address for both banking and credit cards

- Third party fund transfer or payment without T-Pin

- T-Pin creation or requests

These are still available at other channels such as branches. 
 

6. What do you need me to do? Do I need to change any of my banking password(s) / credit card(s) / debit card(s)?

Following this incident, we do not need our customers to perform any specific actions. Nonetheless, we encourage our customers to follow these best practices:

- Be vigilant and keep your card, PIN, Clicks ID and password safe at all times.

- Please do not give your account/card/passwords details or TAC information via Call/SMS/Email to anyone who positions themselves as your bank or a regulator or Telco. Banks or Regulators will never ask for those details over the phone/SMS or email.

- Fraudsters may deploy scare tactics or even be aware of your personal details; please do not listen or act on any outside party’s advice. Rely on what the bank is telling you. If in doubt, contact us.

7. If I suspect someone has my data, who can I notify?

We would like to reiterate that the back-up tapes do not contain any authentication data such as PINs, passwords or credit card CVV numbers. However, we encourage our customers to continue being vigilant and if you receive any suspicious calls/ SMS/ email you should end the call immediately and contact us at any of the below numbers:

For card customers, please call the number at the back of your card.

03 6204 7788 - Consumer Contact Centre

03 6204 7799 - Premier Card Call Centre

1300885300 - Preferred Call Centre

1300888828 - Biz Call Centre

1300888068 - Biz Corp Call Centre

8. How do you ensure that I will not be a victim of any fraud from this incident?

We have heightened our security measures across all channels to maintain the safety of customer transactions. On our customers’ end, as always, we advise that you continue to be vigilant and when in doubt, refer only to official CIMB channels such as its website, call centre and branches.

9. How can I trust you?

We apologise for the any inconvenience that may be caused by this incident. We place a high emphasis on protecting our customers’ data and are taking all precautionary steps to safeguard our customers and strengthened our risk control measures. We would like to ask for your trust that we have the situation under control and that we are working very closely with all relevant authorities to mitigate any risk from this incident.

10. How will I be updated on the matter?

This matter is currently under investigation and we will continue to update our customers via all our channels and through the mainstream media.

For more information, please visit any of our branches, contact our Call Centre (see Q7) or email us at cru@cimb.com. Thank you.

Read the full press release here. Thank you.