Westpac - Suspected data breach on a merchant network

Forums › Finance and wealth management › Westpac - Suspected data breach on a merchant network

Dulouz

705 posts

Ultimate Geek

#272442 25-Jun-2020 08:26

I had to get a new credit card because of a suspected data breach on a merchant network. When I asked what merchant network they refused to tell me. I assumed I had a right to know. I mean what other data may have been breached? Surely that's a reasonable request.

Amanon

Handsomedan

3127 posts

Uber Geek

Trusted

Subscriber

#2511966 25-Jun-2020 08:42

Person you were talking to likely didn't know and was probably told not to tell you, even if they found out.

Handsome Dan Has Spoken.
Handsome Dan is also still somewhat perplexed...

concordnz

245 posts

Master Geek

Trusted

EMT (R)

#2511970 25-Jun-2020 08:50

Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

BlueShift

1568 posts

Uber Geek

#2511979 25-Jun-2020 09:02

Yay! Security by obscurity!

cshwone

476 posts

Ultimate Geek

#2511981 25-Jun-2020 09:07

concordnz: Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

The OP wasn't asking for the details of the breach. Just what merchant is involved. I too would expect that information to be made available to at least allow me to assess if I want to continue with that particular merchant or seek alternatives.

SaltyNZ

5476 posts

Uber Geek

Trusted

Lifetime subscriber

#2511997 25-Jun-2020 09:26

BlueShift:

Yay! Security by obscurity!

Security by obscurity is a thing. Knowledge of your opponent is always the first step in attacking them. The harder you make it to gain that knowledge, the harder you make it to exploit.

The lesson that you should take away is not that obscurity is not security, it is that obscurity must not be your only security. A vault door needs a lock, but it's still helpful for the door to be located in a dark basement, inside a disused lavatory with a 'Beware of the Leopard' sign on the door.

iPad Pro 11" + iPhone XS + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

concordnz

245 posts

Master Geek

Trusted

EMT (R)

#2512003 25-Jun-2020 09:47

cshwone:
concordnz: Nope, you don't have a Right to know, the details.
(Particularly as it will be under police investigation & releasing that information may compromise that.)

Yes, you have a Right to know that there HAS been a breach (which it looks like you have been told)

NO, you don't have a Right to know what actions have been taken to mitigate/fix it.
(These details could easily lead to compromises of the same network in the future)

The OP wasn't asking for the details of the breach. Just what merchant is involved. I too would expect that information to be made available to at least allow me to assess if I want to continue with that particular merchant or seek alternatives.

Nope, you still don't have any 'right' to that information,
Particularly when an active police investigation is likely to be open.

(In 6-12months when investigations are complete - you may see a police announcement that 'such & such' a network was penetrated - it was investigate (culprits caught or not) & also further recommendations made and implemented. )
THAT is to appropriate time for you to be made aware of that information (not before).

Wander4821

34 posts

Geek

#2512007 25-Jun-2020 10:00

Ah Westpac. I got a credit card with them once, and cancelled it after a few months of them refusing to allow me to set up an online account to make card payments, and refusing to allow me to make payments in person. They don't value their credit card customers, and want them to be deep in the red.

Sounds like they are as reputable as ever...*sarcasm*

rugrat

2197 posts

Uber Geek

Lifetime subscriber

#2512033 25-Jun-2020 10:27

I got an email from BNZ saying my card could have been compromised, I could continue using it but only in person and all online transactions blocked.

To verify I tried mobile top up which declined, so rung bank and asked for new card to be sent out with all features enabled. There was no suspicious charges on my account and they wouldn’t tell me why they thought it was comprised. I was left wondering and trying to guess all recent merchants dealt with, was finger pointing in the dark.

Bank waived all normal charges for sending card. Though I did lose new card in last year (First time ever) and they sent new card no charges so maybe charging for replacement cards has stopped.

Wonder if they’ll find a better way for credit card online purchases that doesn’t divulge rarely changing numbers.

MikeAqua

6059 posts

Uber Geek

#2512043 25-Jun-2020 10:44

We can probably work this out.

A bunch of people will have been told their card may be compromised.

Cross reference which merchants they have shopped at.

Mike