Aussie financial service provider Firstmac warns of data breach

Australian-based home and investment loans service provider Firstmac is warning customers of a data breach after a hacking group leaked 500 GB of stolen info online.

According to a breach notice sent by Firstmac to affected customers and seen by Have I Been Pwned’s Troy Hunt, the company suffered a cybersecurity incident that led to unauthorized access to certain parts of its IT systems.

Although the incident is said to have been contained, a preliminary investigation revealed that threat actors gained access to some sensitive information on current and former customers, including:

• Name and date of birth
• Contact info including physical address, email and phone number
• External bank account data (BSB and account number only)
• Driver’s license number

The letter adds that there is currently “no evidence of impact to your account and your funds are secure.”

Source: Troy Hunt

The company also stressed that its systems have been secured and it has introduced mandatory security measures.

“We already have robust security processes in place for any account access changes, which will require you to confirm your identity using either Biometrics or Two Factor Authentication,” the letter reads.

“Out of an abundance of caution, we are taking extra precautions to confirm the identity of our customers before actioning any requests related to customer accounts. “

Investigators at BleepingComputer say that a new extortion/ransomware player called Embargo has claimed responsibility for the attack. The Embargo gang listed all the stolen data on its leaked website on April 30, 2024. It includes documents, source code, data backups alongside the customer data listed above.

Recommendations for impacted customers

· Enroll in identity theft protection services

· Stay vigilant and monitor bank accounts for suspicious activity

· Report any unusual activity to your bank

· Be wary of unsolicited messages, phone calls or texts

You can check suspicious messages for free with Scamio:

Scamio is an AI-powered tool dedicated to helping you identify potential scams that can impact your finances and wellbeing. When you are unsure about an offer you see online, request or message, check it with Scamio  WhatsApp, Facebook Messenger, or web browser.

Unsure what steps to take following a data breach?

Use Bitdefender Digital Identity Protection, our dedicated identity protection service. It empowers you to take control over your online presence and personal data by offering a detailed overview of your digital footprint, including traces of data from no longer-used services. Moreover, it notifies you in real time of breaches and lets you patch weak points in your digital footprint in just a couple of steps.