
Firstmac, a major non-bank Australian lender, has confirmed that its IT systems have been breached by an “unauthorised third party”, with personal data accessed and distributed publicly.
The company first reported the incident on 30 April, admitting it had suffered a “cyber incident” in the preceding days, though it did not clarify the extent of the leak.
Reporters from Cyberdaily revealed that a newly formed ransomware group, EMBARGO, was responsible for the hack, uploading more than 500 gigabytes of data stolen from the firm, including sensitive personally identifiable information (PII), onto its site.
The hacking gang had reportedly threatened Firstmac with a ransom deadline of 8 May before leaking the stolen content onto its site.
The PII reportedly lost and leaked includes details of Firstmac customers’ loan and account balances, contact details and addresses.
In a media statement on its website, the Brisbane-based lender admitted that, upon investigation, “some personal information of some of our customers has been accessed”.
“We are notifying all impacted individuals directly and providing steps that they can take to protect themselves from scams or phishing attempts, in line with our regulatory obligations.”
“If you have not heard from us, that is because at this stage of our investigation, our cyber security experts have not found any evidence that you are affected by the incident.”
Firstmac reported that its systems have remained unimpacted by the breach and have been “fully operational” pre- and post-breach.
It added: “There is no evidence of any impact to customers’ accounts and our customers’ funds are safe.”
Firstmac said that steps were immediately taken to secure affected systems and a postmortem investigation was initiated as soon as its cyber team detected the incident.
The company has not disclosed how many customers were affected by the breach.
The independently owned lender claims to be Australia’s largest non-bank lender, offering home loans, car loans, asset finance and a dedicated investment fund. The Brisbane-based firm counts more than 500 staff across Australia.
Affected customers, who are being contacted, were advised by Firstmac to engage with the national identity and cyber support community, IDCARE, for post-breach support.
Firstmac is the second reported victim of the EMBARGO group, which claimed its first major hack – of the US-based Mulford Construction Company – on 21 April.
The hacking group claims on its site that it is “an international team without any political affiliations”.