Threat Actor: Embargo extortion group | Embargo extortion group
Victim: Firstmac Limited | Firstmac Limited
Price: Not mentioned in the article
Exfiltrated Data Type: Personal information (name, contact information, date of birth, external bank account information, driver’s license number)
Additional Information :
- Firstmac Limited is one of the largest non-bank lenders in Australia.
- The company experienced a cyber incident where an unauthorized third party accessed a part of their IT system.
- They took immediate steps to secure their system and engaged cyber security experts for investigation.
- An unauthorised third party accessed some customer information.
- Exposed personal information includes name, contact information, date of birth, external bank account information (BSB and account number only), and driver’s license number.
- No evidence of impact on the accounts of current customers and their funds are secure.
- Impacted customers are provided with IDCare identity theft protection services.
- Customers are advised to be vigilant and check their bank accounts for any suspicious activity.
Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach.
Firstmac Limited is an Australian owned company with experience in home and investment loans. They have a range of market insurance products backed by international company, Allianz Group. International ratings agency Standard & Poors gives Firstmac its highest possible ranking (strong) for loan serviceability abilities.
The Embargo extortion group this week leaked over 500GB of data allegedly stolen from the company.
The company is notifying the impacted customers.
“Firstmac recently experienced a cyber incident where an unauthorised third party accessed a part of our IT System.” reads the notice of data breach sent to the impacted individuals and published by the popular researcher Troy Hunt. “As soon as we detected thè incident, we took steps to immediately secure our System. We also engaged cyber security experts to assist us with our investigation. Unfortunately, our investigation has identified that an unauthorised third party has accessed some customer information.”
Exposed personal information includes:
- Name
- Contact Information (residential address, email address and/or phone number)
- Date of Birth
- External bank account information (BSB and account number only)
- Driver’s licence number
The Australian non-bank lender added that there is no evidence of an impact on the accounts of current customers, it also remarked that their funds are secure.
“It is important to note that our systems are secure. We already have robust security processes in place for any account access changes, which will require you to confirm your identity using either Biometrics or Two Factor Authentication.” continues the notice.
Firstmac Limited provides impacted customers with IDCare identity theft protection services, it also recommends being vigilant and checking their bank accounts for any suspicious activity.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
Original Source: https://securityaffairs.com/163064/data-breach/firstmac-limited-disclosed-data-breach.html