Westpac Cybersecurity Breach Impacts Almost 100,000 Customers
A major cybersecurity breach that has struck Australia’s Westpac Banking Corporation has reportedly impacted almost 100.000 customers.
Australian website nine.com.au reports, “A major cyber security breach has seen the private details of almost 100,000 Westpac customers exposed after the bank’s system was attacked by hackers.”
As per reports, it was PayID, the real-time payments platform that allows instant money transfer between banks using a mobile number or email address, that was targeted by the cybercriminals in this attack.
The Sydney Morning Herald, in a detailed report on the hacking incident, notes, “Unknown to many Australians, PayID operates like a telephone book, allowing anyone to type in a mobile number or email address and have it confirm the name of the corresponding account holder. This allows for what security experts call an “enumeration attack”, whereby numbers can be changed at random to find the names and mobile numbers of thousands of Australians…Experts say that with access to these details, fraud could be committed on a mass scale.”
Though Westpac has confirmed the attack, details haven’t been divulged as regards the number of people affected, say reports. It’s also reported that the Westpac data breach has affected customers from other banks as well.
The Sydney Morning Herald reports that Westpac has disclosed information about the breach to Australia’s banking and financial industry in a confidential memo, which has been obtained by the Sydney Morning Herald and The Age. As per the report, the memo says, “On 22 May 2019, Westpac noted that a high volume ([around] 600,000) of NPPA PayID lookups was made from 7 compromised Westpac Live accounts. [Around 98,000] of the lookups successfully resolved to a short name and this was displayed to the fraudster… Further analysis revealed that the attacks had been occurring since 7 April 2019 (the total number of lookups is [around] 600,000). The attackers are possibly offshore (the … intelligence of the logins indicates [they are] US-based fraudsters).”
The memo clarifies that the accounts that have been used for the breach seem to have been either compromised or set up to perform the attack. It’s stated that Westpac had got in touch with the legitimate owners of the existing accounts and they were not aware of the attacks or involved in any way. The Sydney Morning Herald report also states that as per the memo, the hackers had been trying phone numbers in a semi-sequential manner and also that it appears likely that the numbers are targeted based on guessing and don’t come from any existing data compromise. It’s also stated that the attacks were continuing on a semi-daily basis.
Westpac, upon detecting the issue, has taken additional preventive actions and had managed to go on without a system shutdown. It’s also reported that no customer bank account numbers have been compromised in the attack.
Experts point out that this data breach could make customers refrain from using the PayID system until they are certain that their personal data won’t be breached.