Westpac - Suspected data breach on a merchant network

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Westpac - Suspected data breach on a merchant network

Dulouz

883 posts

Ultimate Geek

#272442 25-Jun-2020 08:26

I had to get a new credit card because of a suspected data breach on a merchant network. When I asked what merchant network they refused to tell me. I assumed I had a right to know. I mean what other data may have been breached? Surely that's a reasonable request.

Amanon

Handsomedan

7281 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2511966 25-Jun-2020 08:42

Person you were talking to likely didn't know and was probably told not to tell you, even if they found out.

Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

Handsome Dan does not currently have a side hustle as the mascot for Yale

*Gladly accepting donations...

concordnz

472 posts

Ultimate Geek

Trusted

EMT (R)

#2511970 25-Jun-2020 08:50

Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

BlueShift

1692 posts

Uber Geek

#2511979 25-Jun-2020 09:02

Yay! Security by obscurity!

cshwone

1070 posts

Uber Geek

#2511981 25-Jun-2020 09:07

concordnz: Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

The OP wasn't asking for the details of the breach. Just what merchant is involved. I too would expect that information to be made available to at least allow me to assess if I want to continue with that particular merchant or seek alternatives.

SaltyNZ

8218 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#2511997 25-Jun-2020 09:26

BlueShift:

Yay! Security by obscurity!

Security by obscurity is a thing. Knowledge of your opponent is always the first step in attacking them. The harder you make it to gain that knowledge, the harder you make it to exploit.

The lesson that you should take away is not that obscurity is not security, it is that obscurity must not be your only security. A vault door needs a lock, but it's still helpful for the door to be located in a dark basement, inside a disused lavatory with a 'Beware of the Leopard' sign on the door.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

concordnz

472 posts

Ultimate Geek

Trusted

EMT (R)

#2512003 25-Jun-2020 09:47

cshwone:
concordnz: Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

The OP wasn't asking for the details of the breach. Just what merchant is involved. I too would expect that information to be made available to at least allow me to assess if I want to continue with that particular merchant or seek alternatives.

Nope, you still don't have any 'right' to that information,
Particularly when an active police investigation is likely to be open.

(In 6-12months when investigations are complete - you may see a police announcement that 'such & such' a network was penetrated - it was investigate (culprits caught or not) & also further recommendations made and implemented. )
THAT is to appropriate time for you to be made aware of that information (not before).

Wander4821

34 posts

Geek

#2512007 25-Jun-2020 10:00

Ah Westpac. I got a credit card with them once, and cancelled it after a few months of them refusing to allow me to set up an online account to make card payments, and refusing to allow me to make payments in person. They don't value their credit card customers, and want them to be deep in the red.

Sounds like they are as reputable as ever...*sarcasm*

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

rugrat

3106 posts

Uber Geek

Lifetime subscriber

#2512033 25-Jun-2020 10:27

I got an email from BNZ saying my card could have been compromised, I could continue using it but only in person and all online transactions blocked.

To verify I tried mobile top up which declined, so rung bank and asked for new card to be sent out with all features enabled. There was no suspicious charges on my account and they wouldn’t tell me why they thought it was comprised. I was left wondering and trying to guess all recent merchants dealt with, was finger pointing in the dark.

Bank waived all normal charges for sending card. Though I did lose new card in last year (First time ever) and they sent new card no charges so maybe charging for replacement cards has stopped.

Wonder if they’ll find a better way for credit card online purchases that doesn’t divulge rarely changing numbers.

MikeAqua

7773 posts

Uber Geek

#2512043 25-Jun-2020 10:44

We can probably work this out.

A bunch of people will have been told their card may be compromised.

Cross reference which merchants they have shopped at.

Mike