Australian bank gives out customer phone to another customer by asking ChatGPT
12 days ago
- #Banking Compliance
- #Privacy Violation
- #AI Misuse
- CBA staff used ChatGPT to retrieve and disclose a customer's phone number without verification.
- The disclosed phone number belonged to a director of Secret Lab, a CBA customer, violating privacy laws.
- CBA potentially violated the Privacy Act 1988, including APP 6, APP 8, and APP 11.
- The Banking Code of Practice was breached by unauthorized disclosure and lack of professional standards.
- AUSTRAC's KYC procedures were violated by using unreliable AI sources for customer information.
- Australian Consumer Law and ASIC regulations were potentially breached through misleading conduct.
- CBA's internal policies and Code of Conduct were contradicted by staff actions.
- Systemic issues include lack of verification protocols, security controls, and staff training.