Firstmac, the largest non-banking financial company of Australia has just revealed a data breach incident, resulting in sensitive information of their customers being leaked.
This comes a day after the concerned threat group – Embargo released all the stolen data belonging to Firstmac. Yet, the company claims to have strengthened their security and offers a free identity theft protection service to those affected.
Firstmac Data Leak
Firstmac is a major financial institution in the Australian economy that issued over 100,000 home loans, and currently managing $15 billion in mortgages. Besides mortgage lending, the NBFC is also involved in investment management and securitization services, and employs over 450 people.
Today, the company has sent warning emails to its customers reporting of a data breach incident, where an “unauthorised third party” had accessed a part of their IT infrastructure, which resulted in the PII of its customers being leaked.
“As soon as we detected the incident, we took steps to immediately secure our system.“
An investigation into the incident revealed the following information was compromised:
- Full name
- Residential address
- Email address
- Phone number
- Date of birth
- External bank account information
- Driver’s license number
Offering a free identity theft protection to those affected, Firstmac assures its customers that their accounts and funds are secure, and the firm’s systems have now been upgraded to tackle such attacks in the future.
Disclosure notices for the @FirstmacLimited ransomware incident appear to have now gone out: pic.twitter.com/e2SWoRJRTw
— Troy Hunt (@troyhunt) May 10, 2024
Asking the customers to be vigilant on suspicious communications, Firstmac recommends users to verify their account identity through two-factor authentication or biometrics.
Reports on Firstmac’s data breach had popped up in late April, after the Embargo extortion group listed the company on its data leak site. And on Thursday, Embargo leaked all the data belonging to Firstmac – which included documents, source code, email addresses, phone numbers, and database backups.
Relatively a new threat group, Embargo currently has only two victims listed on its extortion page. So it’s unknown if the Firstmac data breach was really committed by them or they just bought the stolen data from others to blackmail the owners.