Commonwealth Bank has apologised and agreed to pay $7.5 million after sending 170 million emails that breached Australian anti-spam laws.
The marketing messages sent to CBA customers between November 2022 and April 2024 breached the Spam Act 2003 because they did not include a way to unsubscribe, the Australian Communications and Media Authority said.
A total of 34 million messages were sent to people who had either not consented or who had withdrawn their consent to receive such messages, the authority said.
In 2023, CBA paid a $3.55 million penalty for sending 65 million emails without unsubscribe information.
"We have now had to take further action after this new investigation found that CBA had incorrectly classified millions of messages as non-commercial," authority chairwoman Nerida O'Loughlin said.
“Australians are sick and tired of this kind of spam intruding on their privacy and it’s clear CBA did not have its systems in order."
A CBA spokesman said the bank accepted the authority's findings, apologised for sending the non-compliant messages and had co-operated fully with the investigation.
"Timely and relevant information for our customers is incredibly important and the way we classify that information to meet our regulatory requirements and customer expectations is an absolute priority," he said.
"We are committed to meeting our obligations and we’re dedicating significant time and resources to this.”
Examples of the emails provided by the authority included one promoting an instalment plan for credit card debt; another spruiking CommBank Yello benefits; one aimed at new CBA mortgagors offering them a free NBN plan with a CBA partner; and a message reminding CBA awards points members they could pay with points at Myer.