READ MOREThe Commonwealth Bank of Australia (CBA), the country's third largest company, on Wednesday confirmed that it lost the backup tapes containing details of 20 million accounts dating back 15 years.
Although the incident occurred in 2016, before laws requiring mandatory reporting of serious breaches, Attorney-General Christian Porter said that customers of the bank had a right to know at the time.
He said the breach was "very, very disappointing" and "very serious (and) of great concern to me, the government and my office."
Revelations of the breach came one day after a report by the Australian Prudential Regulation Authority (APRA) accused CBA of lacking accountability and harboring a complacent culture.
Porter said the breach was an "obvious case in point" of the organization failing to recognize its non-financial requirements as described by the APRA report.
"Notification should flow up to government and down to customers as quickly as possible," he told Sky News Australia on Thursday night.
"The obvious question arises: why couldn't they have notified their customers of that back in 2016?"
He said it was "unquestionable" that the bank's reputation has been tarnished in the wake of the breach and revelations in the banking royal commission, including that it charged fees for advice to customers who had been dead for more than a decade.
"As the royal commission has gathered pace it seems that sharp practices and, frankly, unethical practices, and in some cases quite despicable practices, seem to have permeated a variety of different business models inside the banks including the provision of financial advice," Porter said.
Porter said his office would "looking at any avenues" to pursue legal action against the bank for the breach. ■