Embargo cyber-extortion group infiltrated Firstmac Limited

May 15, 2024

The Australian non-bank lender Firstmac Limited has notified customers of a data breach after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the company.

Firstmac is an Australian financial services business focusing on mortgage lending, investment management, and securitisation services. Earlier this week, a researcher posted an example of the notification letter sent to Firstmac customers warning them of a severe data breach.

According to the letter, the company experienced a cyber incident when an unauthorised third party accessed part of its IT system. As soon as it detected the incident, it took steps to secure the system.

However, Firstmac’s investigation concluded that a range of information was compromised during the attack. The data confirmed so far as acquired by the hackers comprises full names, residential addresses, email addresses, telephone numbers, dates of birth, external bank account details, and driver’s licence numbers.

Despite this report, Firstmac informed recipients that their accounts and payments were safe and the company’s systems had been suitably strengthened. Among the security improvements implemented was a new requirement for all account updates to verify the user’s identity via 2FA or biometrics.

Furthermore, the company will provide recipients of the alerts with free identity theft protection services. Firstmac also warns them about unsolicited communications and reminds them to check their account statements regularly so they can easily spot unusual activity.

The newly emerged Embargo cyber-extortion group claimed responsibility for the attack on Firstmac.

Last month, Australian news outlets reported on the cyberattack on Firstmac after the Embargo cyber-extortion group announced the incident on their data dump site.

This group released all of the data last week, claiming it all came from Firstmac’s computers. The group stated that the dataset includes papers, source code, email addresses, phone numbers, and database backups.

Currently, the threat group’s extortion page only identifies two victims, and it is unclear whether they performed the breaches themselves or purchased the stolen data from others to extort the owners.

Embargo encryptor samples have yet to be discovered. Therefore, it is unclear whether they are a ransomware gang or solely focused on extortion.
