
Bank details exposed in second New Payments Platform breach

Almost 100,000 bank and credit union customers using the real-time New Payments Platform have been entangled in a data breach.

Lenders have warned account holders their information might be at risk. Picture: AAP

Almost 100,000 bank and credit union customers using the real-time New Payments Platform have become entangled in a data breach, prompting lenders to warn account holders their information might be at risk.

The breach earlier this month was linked to “a vulnerability” in a financial institution using the NPP through credit union and mutual platform Cuscal.

In a statement yesterday, Cuscal said fewer than 92,000 customers, or about 3 per cent of those registered for the PayID system, were affected. But the incident is another blow to the NPP, marking the second breach in as many months after Westpac was targeted in June.

“Upon identification of the issue our NPP-identified institution client took immediate action to remediate, as well as putting additional alerting in place to mitigate against further incidents,” Cuscal said. “Technology changes were made by the client immediately.”

NPP allows the instant flow of money and data between bank accounts and can draw on an email address or mobile number rather than a customer’s account number. The Reserve Bank backed the initiative to stop financial institutions dragging the chain on real-time payments.

The latest data breach led to unique identifier records known as PayIDs — including names and account numbers — being exposed.

“While this incident affects a small number of CommBank and Bankwest accounts, we are encouraging all customers to be extra vigilant to protect their information,” a Commonwealth Bank spokesman said.

A Westpac spokesman said the bank had notified customers caught in the breach. “We are urging all customers to be wary of any SMS phishing attempts — for example, a personalised message that looks like a legitimate message from Westpac or another bank — in an attempt to acquire banking credentials and password,” she said.

National Australia Bank said it had contacted customers affected by the breach.

Joyce Moullakis, Senior Banking Reporter

Joyce Moullakis is a senior banking reporter. Prior to joining The Australian, she worked as a senior banking and deals reporter at The Australian Financial Review.


Original URL: https://www.theaustralian.com.au/business/financial-services/client-details-exposed-in-second-npp-breach/news-story/87b9c937917d7d59d24aef277e6d77c3