What’s the matter?
Australia’s New Payments Platform (NPP) disclosed that PayID records and associated data in the Addressing Service were exposed in a data breach.
What was exposed?
The exposed PayID records include PayID names and the associated account numbers. However, NPP confirmed that none of the exposed data can enable the withdrawal of funds from a customer’s account.
What is the reason behind the data breach?
What actions are being taken?
“These regulations incorporate suspension of access to the PayID service by organisations not meeting these requirements, and were recently strengthened by the introduction of non-compliance charges which are expected to be also applied where these controls are not implemented,” NPP Australia said.
“Cybersecurity is an issue of paramount importance to NPP Australia. As part of our ongoing commitment to uplifting cybersecurity controls across the NPP ecosystem and following a similar event in June, we recently commenced implementation of more targeted cybersecurity requirements upon participating institutions, increasing assurance requirements and testing end point security to ensure that the controls are executed as intended,” NPP added.