100,000 Australians at risk of fraud as hackers attack Westpac's PayID platform

Amer Ghazzal/Barcroft Media via Getty Images(Amer Ghazzal / Barcroft Media / Barcroft Media via Getty Images)
  • Westpac has come under cyber attack, putting almost 100,000 Australian banking customers at risk, according to The Sydney Morning Herald.
  • The hackers are reportedly based overseas and conducted an “enumeration attack” of the bank’s PayID platform.
  • Westpac has confirmed the breach and apologised to customers but says the cybercriminals will not be able to access bank accounts.

Almost 100,000 Australian banking customers have had their private details exposed as Westpac comes under cyber attack, The Sydney Morning Herald has reported.

The bank’s PayID payments platform has been attacked by cybercriminals and customers of Westpac and other banks may now be at risk of fraud, the Herald reported. The incident is reported to be an “enumeration attack” whereby the attackers type in mobile numbers into the system at random in order to confirm the name of a corresponding number holder.

A Westpac spokesperson confirmed to Business Insider Australia that “mis-use” of the PayID functionality had occurred and stressed that the hackers will not be able to access bank accounts.

“No customer financial information was compromised as a result,” the spokesperson said. “It is important to note that no bank account details are stored in the PayID database and the only information displayed is a name and mobile number. No financial information is shown. Westpac apologises for this isolated incident and will continue to ensure customer information is secure.”

But a leaked communication from the bank to other financial services organisations, published by the Sydney Morning Herald, explained that the attackers had made around 600,000 “lookups” resulting in the successful finding of “around 98,000” customer names.

Nine’s Today Show reported that the attack was perpetrated by “overseas hackers” who entered the PayID system by making fake accounts.

Business Insider Australia has contacted Westpac for comment.

UPDATED 1.18PM 4/6/2019: This article was updated to include comments from a Westpac spokesperson.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.