Overview
- More than 30,000 Australian banking credentials were harvested over four years via infostealer malware infections on personal devices.
- The exposed data includes details from customers of Commonwealth Bank, NAB, ANZ, and Westpac, with one bank seeing 10,000 accounts affected.
- The Australian Banking Association confirmed the breaches originated from infected customer devices, not bank security systems.
- Multi-factor authentication, while widely used, has been deemed insufficient to fully protect against such malware attacks.
- Experts and institutions urge a unified response involving banks, government agencies, cybersecurity professionals, and the public to address endpoint vulnerabilities and prevent financial fraud.