PayID breach revealed
A data breach involving PayID records has put the personal banking information of tens of thousands of Australians at risk.
New Payments Platform (NPP) Australia - a real-time payments platform mutually owned by 13 major financial institutions, including the big four banks – reported the breach, which opened up access to details including phone numbers, names, BSB and account details linked to PayID.
“The affected data included PayID name and account numbers,” NPP said in an advisory.
"None of the details involved can, on their own, enable the withdrawal of funds from a customer's account without the customer's specific further involvement."
Australia biggest credit union, CUA, has been named as the financial institution responsible for the breach.
Banks have begun issuing warnings to customers.
Commonwealth Bank described it as “a sophisticated attack on another financial institution”, promising that it is “proactively contacting customers whose personal information has been disclosed to a third party through a sophisticated PayID scam”.
Westpac asked customers to be on the lookout for any suspicious activity.
“We ask that you also be vigilant with any messages received via text or phone calls from an unidentified source,” the bank told customers.
“We are urging all customers to be wary of any SMS phishing attempts — for example, a personalised message which looks like a legitimate message from Westpac or another bank, in an attempt to acquire banking credentials and password”
ANZ told its clients that “customers with impacted accounts have been contacted and these accounts are being closely monitored”.
“We are working with all relevant parties to manage the security of our customers' data and accounts and we will apply additional security controls to affected accounts where necessary,” it said.
NAB told customers it “would never ask you to confirm, update or disclose personal or banking information via email or text message. If you receive a message requesting this kind of information, do not provide it”.