Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach.
Firstmac Limited is an Australian owned company with experience in home and investment loans. They have a range of market insurance products backed by international company, Allianz Group. International ratings agency Standard & Poors gives Firstmac its highest possible ranking (strong) for loan serviceability abilities.
The Embargo extortion group this week leaked over 500GB of data allegedly stolen from the company.
The company is notifying the impacted customers.
“Firstmac recently experienced a cyber incident where an unauthorised third party accessed a part of our IT System.” reads the notice of data breach sent to the impacted individuals and published by the popular researcher Troy Hunt. “As soon as we detected thè incident, we took steps to immediately secure our System. We also engaged cyber security experts to assist us with our investigation. Unfortunately, our investigation has identified that an unauthorised third party has accessed some customer information.”
Exposed personal information includes:
- Name
- Contact Information (residential address, email address and/or phone number)
- Date of Birth
- External bank account information (BSB and account number only)
- Driver’s licence number
The Australian non-bank lender added that there is no evidence of an impact on the accounts of current customers, it also remarked that their funds are secure.
“It is important to note that our systems are secure. We already have robust security processes in place for any account access changes, which will require you to confirm your identity using either Biometrics or Two Factor Authentication.” continues the notice.
Firstmac Limited provides impacted customers with IDCare identity theft protection services, it also recommends being vigilant and checking their bank accounts for any suspicious activity.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)