
Multiple Australian banks hacked; thousands of customers’ information leaked

According to IT security audit experts, a serious security incident has compromised the personal banking information of thousands of Australian citizens, whose accounts were hacked by unidentified threat actors. As a result, tens of thousands of phone numbers, full names and account details linked to the PayID electronic payment system have been exposed online.

According to reports, the PayID service allows users to register their phone number and search for their accounts, which are linked to this system, so users won’t have to memorize their account numbers or any other data. In addition, PayID is used by all of the big four Australian and New Zealand banking institutions (Commonwealth Bank, National Australia Bank, Australia and New Zealand Banking Group and Westpac Group), which means that their clients could have been affected by the incident.

As per the IT security audit reports, the fraudsters used a large number of fake accounts to generate a series of random numbers. Those random numbers were then matched against real phone numbers registered in the PayID mobile app, revealing customers’ personal details.
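The lookup abuse described above leaves a recognisable trace in lookup logs: one account querying many different phone numbers in a short time, most of which match nothing. The following detection sketch is an added example, not code from PayID or any of the banks; the log fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune against real lookup traffic.
WINDOW = timedelta(minutes=10)   # look-back window per account
MAX_DISTINCT = 5                 # distinct numbers one account may look up per window
MIN_MISS_RATIO = 0.5             # guessed numbers mostly fail to resolve

def find_enumerators(events):
    """events: time-sorted (iso_timestamp, account_id, phone, resolved) tuples.
    Returns {account_id: (peak_distinct_numbers, miss_ratio)} for flagged accounts."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, account, phone, resolved in events:
        now = datetime.fromisoformat(ts)
        window = recent[account]
        window.append((now, phone, resolved))
        # Drop lookups that have aged out of the window.
        while now - window[0][0] > WINDOW:
            window.popleft()
        distinct = len({p for _, p, _ in window})
        miss_ratio = sum(1 for _, _, ok in window if not ok) / len(window)
        if distinct > MAX_DISTINCT and miss_ratio >= MIN_MISS_RATIO:
            # Keep the worst window seen for each account.
            if distinct > flagged.get(account, (0, 0.0))[0]:
                flagged[account] = (distinct, round(miss_ratio, 2))
    return flagged

def sample_events():
    """Constructed log: one ordinary account and one bulk-lookup account."""
    base = datetime(2000, 1, 1, 9, 0, 0)  # arbitrary constructed date
    events = []
    # Ordinary user: three lookups of known payees across 40 minutes, all resolve.
    for i, phone in enumerate(["0400000001", "0400000002", "0400000001"]):
        ts = (base + timedelta(minutes=20 * i)).isoformat()
        events.append((ts, "acct-normal", phone, True))
    # Bulk lookups: 12 different numbers in two minutes, one in four resolves.
    for i in range(12):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        events.append((ts, "acct-bulk", f"04{i:08d}", i % 4 == 0))
    return sorted(events)

if __name__ == "__main__":
    for account, (distinct, misses) in find_enumerators(sample_events()).items():
        print(f"{account}: {distinct} distinct numbers, miss ratio {misses}")
```

Because the reports describe many fake accounts being used, a per-account threshold alone can be sidestepped by spreading lookups thinly; the same counters can be keyed on device, IP address or account-creation batch to catch that pattern.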

Unfortunately, this isn’t the only recent cybersecurity incident affecting Australian financial institutions. Last June, reports of cyberattacks against Westpac emerged in the cybersecurity community. That breach affected nearly 100k Westpac customers, whose information was shared with seven malicious accounts, as reported by the Australian authorities.

During the investigation, Westpac spokespersons
stated: “Our customers’ privacy and data is extremely serious at Westpac
Group. We keep monitoring our IT systems in order to prevent any further IT
security audit incident or intrusion. Since the entire big four Australian
banks feature the use of PayID, other banks’ confidential information could be
vulnerable too”.

Now, Westpac spokespersons say that the bank was notified of the security breach when another bank’s customers reported being affected. The breach was likely reported by some minor Australian banking institution. “Westpac was notified about another incident resulting in the PayID account data leaking which affected several users of another financial institution as well as Westpac customers, who have already been notified”, spokespersons said.

It is worth noting that no customers from Bank of Melbourne, BankSA and St. George, which are other relevant Australian banks, were affected during this incident.

As a security measure, IT security audit experts from the International Institute of Cyber Security (IICS) recommend that potentially affected customers remain alert to any email or text message that could be sent for malicious purposes. “Threat actors could perform several phishing attempts using your personal data; please ignore any suspicious message or personal information request. None of the affected banking institutions will ask for personal data via SMS, email or phone call”, the experts noted.
