CBA pays $525,000 in penalties for data sharing contraventions

Some customers may have been unable to share certain data to accredited recipients.

The Commonwealth Bank of Australia (CBA) has paid A$792,000 (approximately US$525,000) in penalties to the Australian Competition and Consumer Commission (ACCC) for contraventions related to customers’ inability to share data.

ACCC’s investigation found that some CBA customers may have been unable to share certain data with accredited recipients and their providers.

CBA enabled data sharing for business accounts via the CDR rules in November 2021. However, ACCC found that some account types were not enabled.

CBA said that it “accepts the findings of the ACCC’s investigation into CBA’s compliance with its CDR obligations.”

“We apologise to our customers affected by this issue,” the Australian bank said in an online statement on 9 December 2025.

CBA said that it will contact customers who may have attempted to share their data but were unable to do so to let them know that they may be eligible to participate in a remediation. CBA will contact these customers starting the week of 19 January 2026.

(US$1 = A$1.51; as of 9 December 2025, Morningstar via Google)