Australia’s Top Non-Bank Lender Issues Dire Warning of Massive Data Breach

Firstmac Limited, a major player in Australia’s financial services industry, recently experienced a data breach. Just one day after the new Embargo cyber-extortion group claimed to have stolen over 500GB of data from the company, Firstmac began warning customers of the incident.

With a focus on mortgage lending, investment management, and securitization services, Firstmac is headquartered in Brisbane, Queensland. The company has issued 100,000 home loans and currently manages $15 billion in mortgages, employing 460 people.

Recently, we came across a sample of the notification letter sent to Firstmac customers, which detailed the severity of the data breach.

The letter explained that an unauthorized third party accessed part of Firstmac’s IT system. Upon detecting the incident, the company immediately took steps to secure their system.

Following an investigation conducted with the help of external cybersecurity experts, Firstmac confirmed that the following information was compromised:

• Full name
• Residential address
• Email address
• Phone number
• Date of birth
• External bank account information
• Driver’s license number

Despite the breach, Firstmac assured customers that their accounts and funds remain secure, and the company has since strengthened its systems.

Among the security measures introduced is a new requirement for all account changes to confirm the user’s identity using two-factor authentication or biometrics. Customers who received the notice are also provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.

New Embargo gang claimed the attack

Australian news outlets reported about the attack on Firstmac in late April after the Embargo extortion group announced it on its data leak site.

On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.

The new threat group currently only lists two victims on its extortion page, and it’s unclear whether they committed the breaches themselves or bought the stolen data from others to blackmail the owners.

Samples of Embargo encryptors have yet to be found, so it’s unknown if they are a ransomware group or simply focus on extortion.

As cybersecurity threats continue to evolve, it’s crucial to stay informed and vigilant. We encourage you to keep coming back to learn more about the latest developments in cybersecurity and how you can better protect your personal information. Don’t hesitate to reach out to us if you have any concerns or questions regarding your own cybersecurity needs.