Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.
Headquartered in Brisbane, Queensland, and employing 460 people, the firm has issued 100,000 home loans and currently manages $15 billion in mortgages.
Yesterday, Have I Been Pwned creator Troy Hunt published on X a sample of the notification letter sent to Firstmac customers, informing them of a severe data breach.
Despite that, Firstmac assured recipients that their accounts and funds are secure, and the firm's systems have now been appropriately bolstered.
Among the measures that were introduced to strengthen security is a new requirement for all account changes to confirm the user's identity using two-factor authentication or biometrics.
Recipients of the notices are provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.
Australian news outlets reported about the attack on Firstmac in late April after the Embargo extortion group announced it on its data leak site.
On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac's systems, including documents, source code, email addresses, phone numbers, and database backups.
The new threat group currently only lists two victims on its extortion page, and it is unknown if they have committed the breaches themselves or bought the stolen data from others to blackmail the owners.
Samples of Embargo encryptors have yet to be found, so it's unknown if they are a ransomware group or simply focus on extortion.
Europol confirms web portal breach, says no operational data stolen.
The Post Millennial hack leaked data impacting 26 million people.
Chipmaker Nexperia confirms breach after ransomware gang leaks data.
Hacker claims Giant Tiger data breach, leaks 2.8M records online.
AT&T now says data breach impacted 51 million customers.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 13 May 2024 00:44:05 +0000