According to IT security audit experts, a serious security incident has compromised the personal banking information of thousands of Australian citizens, as their accounts have been hacked by unidentified threat actors. Due to this incident, tens of thousands of phone numbers, full names and account details linked to the PayID electronic payment system have been exposed online.
According to reports, the PayID service allows users to register their phone number and search for their accounts, which are linked to this system, so users won’t have to memorize their account numbers or any other data. In addition, PayID is used by all of the big four Australian and New Zealand banking institutions (Commonwealth Bank, National Australia Bank, Australia and New Zealand Banking Group and Westpac Group), which means that those clients could have been affected by the incident.
According to the IT security audit reports, the fraudsters used a large number of fake accounts to generate a series of random numbers. Those random numbers were then matched against real phone numbers registered in the PayID mobile app, revealing customers’ personal details.
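A defender-side sketch of how the lookup pattern described above can be surfaced in logs, added here as an example and not taken from the banks or the article. The event fields (`account`, `device`, `type`, `phone`), the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flag_enumeration(events, group_by, window=timedelta(minutes=10), max_distinct=5):
    """Return sorted values of `group_by` ('account' or 'device') that looked up
    more than `max_distinct` distinct phone numbers within any `window`
    without a single payment in that same window."""
    grouped = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        grouped[ev[group_by]].append(ev)
    flagged = set()
    for name, evs in grouped.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            phones = {e["phone"] for e in span if e["type"] == "lookup"}
            paid = any(e["type"] == "payment" for e in span)
            if len(phones) > max_distinct and not paid:
                flagged.add(name)
                break
    return sorted(flagged)

T0 = datetime(2019, 1, 1, 12, 0, 0)  # constructed timestamp

def _ev(sec, account, device, type_, phone):
    return {"ts": T0 + timedelta(seconds=sec), "account": account,
            "device": device, "type": type_, "phone": phone}

def sample_events():
    """Constructed events: four fake accounts sharing one device, each staying
    under the per-account threshold; one normal payer; one noisy account."""
    evs, n = [], 0
    for i in range(4):
        for _ in range(3):
            evs.append(_ev(n * 5, f"fake-{i}", "dev-X", "lookup", f"phone-{n:03d}"))
            n += 1
    evs.append(_ev(10, "acct-a", "dev-A", "lookup", "phone-900"))
    evs.append(_ev(20, "acct-a", "dev-A", "payment", "phone-900"))
    for j in range(8):
        evs.append(_ev(j * 3, "acct-b", "dev-B", "lookup", f"phone-{500 + j}"))
    return evs

if __name__ == "__main__":
    print("by account:", flag_enumeration(sample_events(), "account"))
    print("by device: ", flag_enumeration(sample_events(), "device"))
```

Counting per account alone misses lookups spread across many fake accounts; grouping by a shared attribute such as the device catches them in this sample.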
Unfortunately, this isn’t the only recent cybersecurity incident affecting Australian financial institutions. Last June, reports of cyberattacks against Westpac emerged within the cybersecurity community. That breach affected nearly 100k Westpac customers, whose information was shared with seven malicious accounts, as reported by the Australian authorities.
During the investigation, Westpac spokespersons stated: “Our customers’ privacy and data is extremely serious at Westpac Group. We keep monitoring our IT systems in order to prevent any further IT security audit incident or intrusion. Since the entire big four Australian banks feature the use of PayID, other banks’ confidential information could be vulnerable too”.
Westpac spokespersons now say that the bank was notified of the security breach when another bank’s customers reported being affected. The breach was likely reported by a minor Australian banking institution. “Westpac was notified about another incident resulting in the PayID account data leaking, which affected several users of another financial institution as well as Westpac customers, who have already been notified”, spokespersons said.
It is worth noting that no customers from Bank of Melbourne, BankSA and St. George, which are other relevant Australian banks, were affected during this incident.
As a security measure, IT security audit experts from the International Institute of Cyber Security (IICS) recommend that potentially affected customers remain alert to any email or text message that could be sent for malicious purposes. “Threat actors could perform several phishing attempts using your personal data; please ignore any suspicious message or personal information request. None of the affected banking institutions will ask for personal data via SMS, email or phone call”, the experts noted.