Commonwealth Bank of Australia has paid a fee of approximately USD 524,000 after the Australian Competition & Consumer Commission (ACCC) accused it of breaching consumer data rules.
The country’s competition regulator issued CommBank four infringement notices for allegedly breaching consumer data right (CDR) rules, with the bank allegedly failing to enable data sharing for some businesses and partnership accounts. The rule allows consumers to share data with accredited third parties to get improved deals on products and solutions.
The highest penalty to date for breaching CDR rules
ACCC mentioned that the penalty CommBank has to pay is the highest one to date for an alleged breach of the CDR rules. The regulator believes that this should serve as a reminder that failure to comply will result in enforcement action. According to the regulator, individuals complained that they faced challenges in accessing CDR-enabled solutions and products.
However, CommBank said it discovered the breach and reported it of its own initiative after the National Australian Bank was fined USD 495,800. Additionally, the bank will contact customers who were unable to share their data and inform them that they may be eligible to participate in a remediation.
Throughout 2025, CommBank partnered with multiple companies to optimise fraud prevention and detection. In February, it joined forces with Telstra to launch Fraud Indicator, a tool which analyses unusual mobile service usage patterns to identify potential cases of fraud. The system was projected to strengthen the bank’s ability to detect fraudulent account openings by over 25% for customers who use both CommBank and Telstra services.
In July 2025, it partnered with Apate.ai to optimise security against scams by leveraging AI. CommBank integrated a network of AI-driven bot profiles developed by Apate.ai, which interact with scammers through text and voice calls to collect intelligence that leads to the disruption of fraudulent activities.
