Australians' private details exposed in attack on Westpac's PayID

Westpac exposed private details of potentially tens of thousands of Australians — including customers from other banks — in an attack on the real-time payments platform PayID, which computer security experts warn could be used for identity fraud.

On Monday, concerns emerged on an online forum that a Westpac customer's online bank account log-in details had been used to look up tens of thousands of Australians' PayID details, including their mobile number, name or email address.

Unknown to many Australians, PayID operates like a telephone book, allowing anyone to type in any mobile number or email address and have it confirm the name of the corresponding account holder. This allows for what security experts call an "enumeration attack", whereby numbers can be changed at random to find the name and mobile number of thousands of Australians.

Experts say that with access to these details, fraud could be committed on a mass scale.

The bank confirmed the incident late on Monday but did not say how many Australians had been affected.

"Westpac can confirm we had detected misuse of the NPP's PayID functionality and we took additional preventative actions which did not include a system shutdown," a spokesman said.

"No customer bank account numbers were compromised as a result.

"There has been no further inappropriate activity detected."

The reports emerged after user "Two Bob" wrote an ominous message on the online forum Whirlpool, often frequented by insiders of the Australian technology, broadband and banking industry, explaining what they had heard.

"I've heard gossip on the wires that Westpac experienced an event last week that doesn't seem to have made the news," Two Bob wrote at 11.38am on Monday.

"Their NPP service was attacked, [with] an unknown party repeatedly pinging [it] tens of thousands of times, hitting the PayID name lookup service to confirm PayID mobile numbers, each successful request returning the account holder's name associated with the phone number.

"Westpac shut their NPP logon for several hours to stop the attack. Identity theft, much?"

By about 5pm — after The Sydney Morning Herald and The Age contacted Two Bob — the post was edited to remove the details, leaving behind just "I've heard gossip on the wires that ...."

NPP Australia, which runs the New Payments Platform, said it could not comment.

"NPPA can't comment on individual banks and any issues at their level," a spokeswoman said.

However, she said that participating financial institutions were "required to have measures in place to monitor PayID use for unusual activity and ensure PayID is not used by customers or customer applications to mine data for fraudulent purposes".

"It's also important to remember that PayID has been designed to provide more reassurance during the payments process," the spokeswoman said. "It enables a payer to see the name associated with the PayID to reduce the risk of a mistaken payment or scam."
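The monitoring requirement the NPPA describes, applied to the lookup pattern explained above, comes down to a per-session check on how many name lookups a login makes and how many of them miss. The following is an added example, not Westpac's or NPPA's code; the log format, field names and thresholds are assumptions:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"(?P<ts>\S+) session=(?P<session>\S+) lookup=(?P<payid>\S+) result=(?P<result>\S+)")

# Assumed thresholds, chosen for illustration; a real deployment would tune them.
WINDOW = timedelta(minutes=10)
MAX_LOOKUPS_PER_WINDOW = 20   # paying known payees never needs this many lookups
MIN_SAMPLE_FOR_RATIO = 10
MAX_NOT_FOUND_RATIO = 0.5     # guessed numbers mostly miss; known payees mostly resolve

def parse(log_text):
    """Group (timestamp, payid, result) events by online-banking session."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events[m["session"]].append(
                (datetime.fromisoformat(m["ts"]), m["payid"], m["result"]))
    return events

def find_enumeration(log_text):
    """Return {session: reasons} for sessions whose lookup pattern looks like enumeration."""
    flagged = {}
    for session, evs in parse(log_text).items():
        evs.sort()
        reasons = []
        start, peak = 0, 0   # sliding window: most lookups inside any WINDOW-long span
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > MAX_LOOKUPS_PER_WINDOW:
            reasons.append(f"{peak} lookups within {WINDOW}")
        misses = sum(1 for _, _, r in evs if r == "not_found")
        if len(evs) >= MIN_SAMPLE_FOR_RATIO and misses / len(evs) > MAX_NOT_FOUND_RATIO:
            reasons.append(f"{misses}/{len(evs)} lookups resolved to no PayID")
        if reasons:
            flagged[session] = reasons
    return flagged

# Constructed sample log (not real bank data): one ordinary session and one
# session stepping through consecutive mobile numbers, mostly unregistered.
NORMAL = "\n".join(f"2019-05-20T10:{m:02d}:00 session=s-normal lookup=04{n:08d} result=found"
                   for m, n in [(0, 11111111), (7, 22222222), (31, 33333333)])
ENUM = "\n".join(f"2019-05-20T11:00:{i:02d} session=s-enum lookup=04{90000000 + i:08d} "
                 f"result={'found' if i % 4 == 0 else 'not_found'}" for i in range(40))
SAMPLE_LOG = NORMAL + "\n" + ENUM
```

Running `find_enumeration(SAMPLE_LOG)` flags only the `s-enum` session, on both the burst-rate and the miss-ratio signals, while the three ordinary lookups pass.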

The Privacy Commissioner would not confirm whether Westpac had informed it of the matter.

"Where we are made aware of a potential privacy incident or notifiable data breach, the OAIC may engage with the organisation involved to establish the facts of the matter," a spokeswoman said. "In line with our regulatory action policy, we do not generally comment about specific incidents."

Banks have been under pressure from the Reserve Bank to roll out PayID to customers more quickly, after it was launched last year. But it was not initially offered by all of the big four.

The service, which uses the New Payments Platform infrastructure, allows money to be transferred in near real-time between customers of either the same or different banks.

The incident comes amid a warning from the regulator about the growing cyber risks facing financial businesses, and about how easily an Australian bank's reputation can be destroyed by an incident of this kind.

"With financial sector trust damaged, it only takes one media exposé or social media outcry to cause a company serious financial damage, often in the space of days or hours, rather than weeks or months," Australian Prudential Regulation Authority deputy chair John Lonsdale warned on Monday.