This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Westpac

Summary

Westpac Bank was infected by the Sasser worm starting on Tuesday, 4 May 2004, forcing some branches to abandon their computer systems and revert to pen and paper to complete customer transactions. The infection later spread to Westpac's branches in New Zealand before systems were cleaned and restored by Thursday.

What Happened

The Sasser worm spread across the internet in early May 2004, exploiting a vulnerability in Microsoft Windows systems. Westpac Bank's computer systems were infected starting on Tuesday, 4 May 2004, as part of the global outbreak that affected organisations worldwide.

The worm exploited a buffer overflow vulnerability in the Local Security Authority Subsystem Service (LSASS) on Windows 2000 and Windows XP systems. Once infected, computers would repeatedly crash and reboot, rendering them unusable for normal banking operations. The worm spread automatically across networks without requiring user interaction, allowing it to propagate rapidly through Westpac's systems.

When branch computers became infected and started crashing repeatedly, staff had to abandon their PC-based systems and revert to manual pen-and-paper processes to allow branches to continue serving customers. The infection initially hit Australian branches before spreading to Westpac's New Zealand operations later in the week. By Thursday, 6 May 2004, Westpac had cleaned infected systems and branches returned to normal electronic operations.

Impact on Individuals

While no customer data was compromised, the incident caused operational disruption:

  • Service delays: Customers experienced longer wait times as manual processing is slower than electronic systems
  • Limited services: Some banking functions that require computer systems may have been temporarily unavailable
  • Transaction processing: Manual recording of transactions created potential for delays in processing
  • Cross-border impact: The spread to New Zealand branches affected Westpac customers in multiple countries

The incident demonstrated how malware could disrupt banking operations even without compromising customer data or security systems.

Organisational Response

Westpac staff implemented manual backup procedures using pen and paper to maintain customer service while computer systems were unavailable. The bank's IT teams worked to identify infected systems, clean the worm and apply the necessary Microsoft security patches to prevent reinfection.

By Thursday, 6 May 2004, Westpac had successfully restored its computer systems and branches returned to normal electronic operations. The incident occurred during a global Sasser worm outbreak that affected major organisations including banks, airlines, government agencies and other critical infrastructure providers. The worm's creator, 18-year-old German student Sven Jaschan, was arrested on 7 May 2004.

Verification Source: View original statement