100,000 Aussies fall victim to Westpac’s security breach – are you one of them?

A Westpac breach has left nearly 100,000 Aussies' details exposed. (Photo: AAP)

Nearly 100,000 Australians’ private details have been exposed to cyber criminals after hackers attacked Westpac’s banking system.

Specifically, hackers attacked the real-time payment platform PayID, which works like an open telephone book where plugging in an email address and mobile number will reveal the corresponding account holder’s name.

Security experts told Fairfax the attack was called an “enumeration attack”, where hackers type in and change numbers at random to find the details of Australians.

The attack also affects non-Westpac customers, according to Fairfax.

Westpac confirmed the incident late on Monday but did not confirm how many Australians were affected.


“Westpac can confirm we had detected mis-use of the New Payments Platform’s PayID functionality and we took additional preventative actions which did not include a system shutdown,” a Westpac spokesperson told Yahoo Finance.

“No customer bank account numbers were compromised as a result.”

Westpac takes consumer data and privacy protection “extremely seriously” and is continually monitoring its systems, the spokesperson said.

“There has been no further inappropriate activity detected.”

But a confidential memo obtained by Fairfax revealed further details about the breach, including that Westpac had known about it for as long as a fortnight.

"On 22 May 2019, Westpac noted that a high volume ([around] 600,000) of NPPA PayID lookups was made from 7 compromised Westpac Live accounts," the memo said.

"[Around 98,000] of the lookups successfully resolved to a short name and this was displayed to the fraudster.”

The fraudsters had been “trying phone numbers in a semi-sequential manner”.

The attacks – which look to be from US-based fraudsters, according to intelligence on the logins – have been occurring since 7 April 2019, with the total number of look-ups around 600,000, the memo went on to say.

"The accounts used appear to have been compromised or set up... to perform the attack (Westpac conversations with the legitimate owners of the existing accounts used indicates that they are not aware of the attacks or involved in any way)."

Attacks are “continuing on a semi-daily basis”, the memo said, although the “sale of resolved accounts” is now “greatly reduced”.
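The two signals the memo describes, a high volume of lookups from a small number of accounts and phone numbers tried in a semi-sequential manner, can be checked per account in lookup logs. The sketch below is an added example, not Westpac's or the NPP's code; the log format, function names and thresholds are assumptions, it covers phone-number lookups only, and the sample data is constructed.

```python
from collections import defaultdict

def flag_enumeration(lookups, min_lookups=20, max_gap=10, min_seq_ratio=0.5):
    """Return {account: stats} for accounts whose lookups look enumerated.

    lookups: iterable of (account_id, phone_number, resolved) in arrival order.
    An account is flagged when it made at least min_lookups lookups and at
    least min_seq_ratio of its consecutive lookups are within max_gap of
    each other (the "semi-sequential" pattern).
    """
    per_account = defaultdict(list)
    for account, number, resolved in lookups:
        digits = "".join(ch for ch in number if ch.isdigit())
        if digits:  # skip malformed entries instead of failing
            per_account[account].append((int(digits), resolved))

    flagged = {}
    for account, rows in per_account.items():
        if len(rows) < min_lookups:
            continue  # normal customers look up only a few payees
        numbers = [n for n, _ in rows]
        near = sum(1 for a, b in zip(numbers, numbers[1:])
                   if 0 < abs(b - a) <= max_gap)
        seq_ratio = near / max(len(numbers) - 1, 1)
        if seq_ratio >= min_seq_ratio:
            flagged[account] = {
                "lookups": len(rows),
                "resolved": sum(1 for _, r in rows if r),
                "seq_ratio": round(seq_ratio, 2),
            }
    return flagged

def sample_log():
    """Constructed sample data, not real lookup records."""
    log = []
    for i in range(40):  # acct-A walks a number range in small steps
        log.append(("acct-A", f"04{10000000 + i * 3 + i % 2:08d}", i % 6 == 0))
    for i in range(25):  # acct-C is a busy payer with unrelated numbers
        log.append(("acct-C", f"04{(i * 7919003) % 99999999:08d}", True))
    # acct-B is an ordinary customer with two lookups
    log += [("acct-B", "0412 345 678", True), ("acct-B", "0498 765 432", True)]
    return log

if __name__ == "__main__":
    print(flag_enumeration(sample_log()))
```

Volume alone would also flag the busy payer `acct-C`; requiring the sequential pattern as well keeps it out of the result.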

Whirlpool user “Two Bob” first sounded the alarm about the attack on the online forum.

Corporate regulator and bank watchdogs ASIC and APRA have been warning businesses to ensure their cybersecurity systems keep up with the growing sophistication of online hackers.
