Major banks including the Commonwealth Bank and Westpac are contacting customers today and cancelling transactional cards after it was revealed that an external merchant had suffered a potential data breach.
While the security breach has not occurred at a bank level, financial institutions have been quick to move against potentially compromised accounts.
After ABC News reported the breach, Commonwealth Bank told ZDNet Australia in a statement that it had so far contacted 8000 customers via SMS, email and letter to inform them of the potential breach, and to advise them that their cards may have been compromised.
The Commonwealth Bank is aware of the potentially compromised cards, and is actively monitoring the accounts and reissuing cards.
"The Bank continuously monitors all credit card transactions to protect our customers from fraud, and during this process we became aware of a potential credit card compromise through an Australian merchant acquired by another bank," CommBank told ZDNet Australia in a statement.
"As the Commonwealth Bank takes protection of customer data very seriously, we moved immediately to protect the accounts of our customers through this proactive approach."
Westpac also confirmed that it had been contacting its customers about the breach, saying that only a "small number" of customers had been affected. The bank added that it had been aware of the breach for around two days.
National Australia Bank (NAB) said that it was aware of the breach, and added that a small number of cards had been affected and cancelled. NAB said that it will use its real-time fraud detection technology to monitor transactions on accounts deemed "at risk", as opposed to cancelling cards outright and inconveniencing customers.
ANZ said that while it has not actively contacted any customers about the situation, it is closely monitoring accounts using its Falcon fraud detection software.
All banks and card providers told ZDNet Australia that any fraudulent transactions would be covered under their various fraud protection schemes.
The name of the breached merchant has been kept confidential.