NPP disclosed a breach that exposed PayID information and data that is associated with their Addressing Service. The information included was PayID names and the associated account numbers. Fortunately, none of the information would enable attackers to withdrawal funds from accounts. A vulnerability within a financial institution sponsored by Cuscal Limited exposed the data and Cuscal confirmed that it was a client-side issue which caused the exposure. The issue was identified shortly after it was reported and resolved almost immediately. Financial Institutions associated with NPP have been notified so they can take the proper action of notifying their customers and inform other entities. Further action has also been taken by NPP which will improve monitoring, detecting, and shutting down any malicious attempts on their PayID service. “Cybersecurity is an issue of paramount importance to NPP Australia. As part of our ongoing commitment to uplifting cybersecurity controls across the NPP ecosystem and following a similar event in June, we recently commenced implementation of more targeted cybersecurity requirements upon participating institutions, increasing assurance requirements and testing endpoint security to ensure that the controls are executed as intended,” stated NPP.
