NewsBite

Commonwealth Bank seeks to calm nerves after unauthorised Indonesian cyber incident

CBA vows its Australian systems are ring-fenced from those of an Indonesian subsidiary that experienced a cyber incident involving ‘unauthorised access’ to software.

CBA said it was aware of a cyber incident at its Indonesian unit that involved unauthorised access of a web-based software application.
Commonwealth Bank has vowed its Australian technology and systems are ring-fenced from those of an Indonesian subsidiary that experienced a cyber incident, involving “unauthorised access” to a software application.

In a precautionary ASX statement on Wednesday, in light of last year’s high-profile cyber attacks on Optus and Medibank Private, CBA said it was aware of a cyber incident at PT Bank Commonwealth.

“The incident relates to unauthorised access of a web-based software application used for project management,” the statement said.

“PT Bank Commonwealth services continue to operate as normal. Commonwealth Bank of Australia’s systems are segregated from PTBC’s systems.

“We are working closely with PTBC and supporting their efforts in this matter.”

The statement did not provide further details about the nature of the cyber incident or who gained unauthorised access. Sources told The Australian the incident involved an external party accessing the data of 11 customers, the bulk of whom are staff members of PTBC. The data did not, however, include banking details.

After massive cyber breaches against Optus and Medibank last year, CBA chief executive Matt Comyn in September said companies and financial institutions had to be alert to cyber and data breach threats.

“This is a significant risk for every business in Australia. Events over recent days have highlighted that,” he said at the time.

“It’s something that we take very seriously, are very worried about. I think every business large and small is worried about it.

“At the moment, yes, we’ve been very focused on informing and communicating with our own customers about what sorts of things we’re doing, that they can be doing.”

Last year, Russian hackers accessed the health records and other personal information of almost 10 million current and former Medibank customers. After the company refused to pay a $15m ransom, the hackers published customer claim data for sensitive conditions – including abortions, drug and alcohol abuse and mental health disorders – on the dark web.

Optus was also the subject of an embarrassing data breach last year that saw the records of 11.2 million customers stolen by a hacker.

Australian Prudential Regulation Authority chairman John Lonsdale in January said the regulator was undertaking a lot of cyber security supervisory work, after financial services companies were ordered to undertake independent system reviews.

“Where we have problems at the entity level we expect remediation to happen and we expect it swiftly,” he added.

“You need to have very sound operational risk and cyber resilience in place and importantly where there is a problem being able to make sure the critical functions still operate.”

APRA is awaiting the findings of a Deloitte review into Medibank Private’s cyber defences and controls.

National Australia Bank chief executive Ross McEwan in November said the lender was fending off millions of attempts to access its systems every month.

“We have now 24/7 shields up to block the attacks coming into a business like ours and there’s say 50 million attacks on our digital channels (every month),” he said at the time. “People are trying to electronically get into the systems.”


Original URL: https://www.theaustralian.com.au/business/commonwealth-bank-seeks-to-calm-nerves-after-unauthorised-indonesian-cyber-incident/news-story/494f7d83877918dcc3171ed950d67207