Following an investigation by KPMG, the Commonwealth Bank said no evidence was found that customer information was compromised when two magnetic tapes went missing in 2016.
The tapes in question contained customer names, addresses, account numbers and transaction details from 2000 to 2016. They were scheduled for destruction, but at the time the bank was unable to confirm this had occurred.
KPMG determined that the likely scenario was that the tapes had been disposed of.
As a precaution, CBA implemented ongoing monitoring of the 19.8 million customer accounts whose details were included on the tapes and has acted on KPMG's recommendations to "ensure a similar incident does not happen again."
CBA acting group executive retail banking services Angus Sullivan explained: "We take the protection of customer data very seriously and incidents like this are not acceptable. I want to ensure our customers that we have taken the steps necessary to protect their information and we apologise for any concern this incident may cause."
"The relevant regulators were notified in 2016 and we undertook a thorough forensic investigation, providing further updates to our regulators after its completion. We also put in place heightened monitoring of customer accounts to ensure no data comprise had occurred," Sullivan said.
"We concluded, given the results of the investigation, that we would not alert customers. We discussed this course of action with the Office of the Australian Information Commissioner who subsequently advised that it did not intend to take any further action in relation to the matter."