Westpac’s PayID breach sees almost 100,000 users’ personal details exposed
Hackers attacking a Westpac online banking feature have exposed the private details of almost 100,000 Aussie banking customers.
A group of hackers have used Westpac’s money transfer platform to access the private details of almost 100,000 Australian banking customers.
Hackers targeted Westpac but customers from other banks have also been affected, according to The Sydney Morning Herald, which says experts have warned the exposed data could be used to commit fraud. The PayID system allows the transfer of money online, where people can search for one another using an email address or mobile phone number.
PayID can be used like an online lookup, where users can use a phone number or email address to reveal the details of an account holder.
The platform allows users to reveal private details of Australian banking customers by searching their phone numbers. The hackers, it is alleged, searched about 600,000 random Australian numbers, and were able to reveal the details of about 98,000 Australians, which could be used for fraud, or “secondary hacks”.
A spokesperson told the Today show, “the Westpac Group takes the protection of customer data and privacy extremely seriously and we continually monitor our systems. There has been no further inappropriate activity detected.”
“Westpac can confirm we had detected misuse of the (New Payments Platform’s) PayID functionality and we took additional preventive actions which did not include a system shutdown,” a spokesman told The Sydney Morning Herald yesterday. “No customer bank account numbers were compromised as a result.
“There has been no further inappropriate activity detected.”
The private details of almost 100,000 Westpac customers have been exposed after the system was hacked. Here's how to know if you're affected, and what you can do to keep your details safe. #9Today pic.twitter.com/KrlSBmW2W8
— The Today Show (@TheTodayShow) June 3, 2019
A confidential memo revealed that Westpac had noted about 600,000 PayID lookups, with about 98,000 of them successful, resulting in the details being revealed to the alleged fraudsters. The attacks on the bank’s system had been occurring since April 7, but Westpac did not inform customers of the breach until yesterday.
The attacks are coming from overseas, with intelligence from Westpac indicating they are likely coming from the US.
The lookups had been working through Australian phone numbers in ascending order on the system, but these were essentially random phone numbers (i.e. not from a previous data leak).
They were searching the numbers on a semi-daily basis, according to The Sydney Morning Herald.
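The ascending-order lookup pattern described above can be picked out of a lookup log. The following is an added example, not code from Westpac or the New Payments Platform; the log layout, source identifiers and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def detect_enumeration(events, min_lookups=20, max_gap=1000, min_sequential=0.8):
    """Flag sources whose lookups walk phone numbers in ascending order.

    events: iterable of (source_id, phone_number, resolved) in time order.
    All thresholds are illustrative assumptions, not values from the article.
    """
    by_source = defaultdict(list)
    for source, number, resolved in events:
        by_source[source].append((int(number), bool(resolved)))

    findings = {}
    for source, rows in by_source.items():
        if len(rows) < min_lookups:
            continue  # too few lookups to judge a pattern
        numbers = [n for n, _ in rows]
        # Share of consecutive lookups that step upward by a small amount.
        upward = sum(1 for a, b in zip(numbers, numbers[1:]) if 0 < b - a <= max_gap)
        sequential = upward / (len(numbers) - 1)
        if sequential >= min_sequential:
            exposed = sum(1 for _, hit in rows if hit)
            findings[source] = {
                "lookups": len(rows),
                "sequential": round(sequential, 3),
                "exposed": exposed,  # lookups that returned account-holder details
                "hit_rate": round(exposed / len(rows), 3),
            }
    return findings

def sample_events():
    """Constructed sample log; sources and numbers are made up."""
    events = []
    # Enumerator: walks 60 adjacent numbers, about one in six resolves.
    for i in range(60):
        events.append(("src-A", f"0491570{i:03d}", i % 6 == 0))
    # Ordinary customer: a handful of lookups for known payees.
    for n in ("0491570156", "0491570006", "0491570156", "0491570110", "0491570006"):
        events.append(("src-B", n, True))
    # Busy business: many lookups, but scattered numbers that mostly resolve.
    for i in range(25):
        events.append(("src-C", f"04{(i * 37000003) % 100000000:08d}", i % 10 != 0))
    return events

if __name__ == "__main__":
    for source, info in detect_enumeration(sample_events()).items():
        print(source, info)
```

The `exposed` count is the figure that matters for scoping a disclosure: it is the number of lookups that actually returned account-holder details to the flagged source.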
Banks have been pressured to roll out PayID by the Reserve Bank since it was introduced in 2018. It was initially not offered by the big four.