And the financial institution at the centre of the personal information can be exclusively revealed by News Corp Australia.

CUA, the nation’s largest credit union which is Queensland-based, can be blamed for the breach which was bought to their attention earlier this month.

The lender has around 500,000 customers.

A CUA spokeswoman said they took “immediate action” when they were notified of the issue on August 16.

“Some information attached to individuals’ PayIDs was accessed,” she said.

“No financial transactions took place and nor can the information accessed be used, on its own, to enable financial transactions.”

Customers’ information including their phone numbers, customer names, BSB and account numbers all linked to a person’s PayID was accessed by fraudsters in recent days.

About 90,000 banking customers have been impacted by the breach

In what is a disaster for the New Payments Platform (NPP), which has struggled to get millions of Australians to move across to using PayIDs, banks and authorities are now working in overdrive to ensure customers’ information is safe.

In 2018 the NPP was rolled out to deliver 24-hour, seven-day-a-week instant transfers.

This now allows customers at most institutions to move money instantly between banks, doing away with delays that could previously have taken several days for the money to arrive in another account.

Customers could set up a PayID meaning they no longer need to disclose their BSB and account numbers.

Instead they could link their own email address, phone number or ABN for small businesses to their bank account and share this with the relevant person who could then move money to them.

MORE NEWS

How I stopped an $18,000 email scam

The biggest scams robbing Australians

What to do when your bank account is hacked

Customers at all of the nation’s big four banks - the Commonwealth Bank, National Australia Bank, ANZ and Westpac - are among those impacted.

Westpac is among the big lenders who sent out an urgent warning to customers over the weekend to check their bank accounts.

The email to customers said, “We have heightened monitoring on your account and ask that you are on the lookout for any suspicious activity.

“We ask that you also be vigilant with any messages received via text or phone calls from an unidentified source.”

The nation’s biggest bank, CBA and its subsidiary Bankwest, also said in a statement on CBA’s website that a number of customer PayIDs across many institutions including theirs “have been accessed through another financial institution”.

They warned customers they might have received a fraudulent SMS saying their account had been suspended and it included a link to click on.

“The PayID scam via SMS or email may have your name or account details in it,” the website said.

“If you have clicked a link from a suspicious SMS or email, contact us on 13 2221 urgently.”

A Westpac spokeswoman said the latest incident has “affected customers from other banks including Westpac and we have notified all impacted Westpac customers”.

“We are urging all customers to be wary of any SMS phishing attempts – for example, a personalised message which looks like a legitimate message from Westpac or another bank, in an attempt to acquire banking credentials and password.”

Customers at Westpac’s subsidiary banks including Bank of Melbourne, BankSA and St.George were not impacted.

It remains unclear whether any customers’ money has been lost.

Payments provider Cuscal said a financial institution they work with had “experienced a spike in PayID inquiries” recently.

“We have put in place heightened monitoring and are reviewing additional control options,” a Cuscal spokeswoman said.

An NPP spokesman said “the affected data included PayID name and account numbers. “None of the details involved can, on their own, enable the withdrawal of funds from a customer’s account without the customer’s specific further involvement.”

sophie.elsworth@news.com.au

@sophieelsworth

Originally published as Urgent warning after bank customers hacked