Tens of thousands of Australians have had their personal banking information hacked by fraudsters.
Details including phone numbers, names, BSB and account details linked to PayID were all breached in recent days.
PayID allows anyone to type in a phone number and search for the account registered under it. It’s a system used by all of the big four banks, with customers from each believed to have been affected.
When a registered mobile number is typed into the app, it also displays the account owner’s name.
It’s believed fraudulent accounts worked to generate a series of random numbers.
The millions of randomly generated numbers would eventually coincide with real phone numbers registered in the app and reveal customers’ names and details.
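The lookup pattern described above leaves a recognisable trace on the bank's side: one account resolving a large number of distinct phone numbers, most of them unregistered, with almost no payments following. The sketch below is an added example, not code from any bank or from the New Payments Platform; the event fields, account names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
import random

def flag_enumerators(events, min_distinct=50, max_pay_ratio=0.05):
    """events: iterable of (account_id, phone_number, resolved, paid) tuples.
    Returns {account_id: stats} for accounts whose lookups resemble enumeration:
    many distinct numbers looked up, very few of them ever paid."""
    seen = defaultdict(set)    # account -> distinct numbers looked up
    paid = defaultdict(set)    # account -> numbers that received a payment
    misses = defaultdict(int)  # account -> lookups matching no registered PayID
    total = defaultdict(int)   # account -> all lookups
    for account, number, resolved, was_paid in events:
        total[account] += 1
        seen[account].add(number)
        if not resolved:
            misses[account] += 1
        if was_paid:
            paid[account].add(number)
    flagged = {}
    for account, numbers in seen.items():
        pay_ratio = len(paid[account]) / len(numbers)
        if len(numbers) >= min_distinct and pay_ratio <= max_pay_ratio:
            flagged[account] = {
                "distinct_numbers": len(numbers),
                "miss_rate": round(misses[account] / total[account], 2),
                "pay_ratio": round(pay_ratio, 2),
            }
    return flagged

def constructed_events():
    """Constructed sample data: hypothetical accounts and made-up numbers."""
    rng = random.Random(7)
    registered = sorted({f"04{rng.randrange(10**8):08d}" for _ in range(2000)})
    events = []
    # Ordinary customer: a handful of lookups, each followed by a payment.
    events += [("acct-normal", n, True, True) for n in registered[:6]]
    # High-volume but legitimate payer: many lookups, all of them paid.
    events += [("acct-business", n, True, True) for n in registered[10:70]]
    # Enumeration pattern: random numbers, mostly unregistered, never paid.
    known = set(registered)
    for _ in range(500):
        n = f"04{rng.randrange(10**8):08d}"
        events.append(("acct-enum", n, n in known, False))
    return events

if __name__ == "__main__":
    print(flag_enumerators(constructed_events()))
```

Volume alone would also flag the high-volume legitimate payer, which is why the check pairs the distinct-number count with the share of lookups that lead to a payment.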
The most recent breach follows a strikingly similar attack on Westpac from early June.
In that instance, about 98,000 customers’ information was shared with seven fraudulent accounts.
At the time, a Westpac spokesperson told 7NEWS.com.au: “Westpac Group takes the protection of customer data and privacy extremely seriously and we continually monitor our systems.”
It was believed that, since all of the big four banks offer PayID, other banks’ customers could be vulnerable.
The spokesperson now says Westpac was notified of the breach when a customer of another bank was affected.
It’s understood the bank which raised the alarm was not one of the big four.
“Westpac was made aware of an incident at another financial institution which has resulted in the disclosure of PayID account data of a number of individuals.
“This incident has affected customers from other banks including Westpac and we have notified all impacted Westpac customers.”
Customers are encouraged to remain vigilant for any emails or texts that look dodgy.
“We are urging all customers to be wary of any SMS phishing attempts – for example, a personalised message which looks like a legitimate message from Westpac or another bank, in an attempt to acquire banking credentials and password.”
No customers from Bank of Melbourne, BankSA and St. George were impacted.
New Payments Platform
In a statement, the New Payments Platform said it was aware of a “vulnerability” of data.
“The affected data included PayID name and account numbers,” the statement read.
“None of the details involved can, on their own, enable the withdrawal of funds from a customer’s account without the customer’s specific further involvement.”
Source @ 7News.com