Following on from the alleged release of Firstmac customer data on the dark web, the non-bank has outlined what steps brokers should take next.
In April, non-bank lender Firstmac said that it had experienced a “cyber incident” in which an unauthorised third party accessed the IT system.
Ransomware gang EMBARGO had taken responsibility for the hack and claimed it had stolen more than 500 gigabytes of data, including “full databases, source codes, [and] sensitive customer data”.
It allegedly held Firstmac to ransom, publishing a demand on its darknet leak site with a deadline of 8 May.
On 9 May, the group uploaded a data package of over 500 gigabytes to its leak site.
Our sister brand Cyber Daily said that EMBARGO had posted several sample documents, files, and customer data.
Screenshots uploaded to the leak site show customer addresses, loan and financing details, balance and account information, and email addresses. The email addresses and phone numbers of several of Firstmac’s C-suite and IT team were also allegedly leaked.
A Firstmac spokesperson said that they were aware an “unauthorised third party has claimed to have published a subset of Firstmac data externally”.
“We are urgently investigating the nature and extent of the data that has been published,” they said on Friday (10 May).
The spokesperson said that the non-bank has already conducted a comprehensive review of impacted files and “[is] notifying impacted individuals directly, in accordance with [its] regulatory obligations”.
“If our customers do not hear from us, that is because our ongoing investigation has not discovered any evidence they are affected by this incident,” the spokesperson said.
“We are also communicating with our partners, to ensure they have the information they need.”
When asked by The Adviser what brokers should be advising their Firstmac clients, they said: “Should brokers receive any inquiries from customers related to this incident, we ask them to direct these queries promptly to Firstmac so we can address their questions promptly.
“If customers have received a letter from Firstmac, we recommend brokers refer these customers back to the instructions in this letter, which clearly outlines the support available, including IDCARE, and steps they can take to protect themselves from scams or phishing attempts.”
Firstmac said that there had been no impact on business operations and that its systems were “secure”, with business continuing “as per normal.”
The finance industry has been a prime target for cyber crime in recent years, with high-profile attacks impacting non-banks such as Latitude (and resulting in subsequent court cases from impacted customers) as well as the major banks.
Hackers have also been targeting small businesses, often seen as “low-hanging fruit” as they generally have less stringent defences than larger corporates, making them the easiest to access.
Brokers wishing to brush up on their cyber security protocols can do so in The Adviser’s Hacking the hack attack feature here.