Mortgage lender Firstmac grapples with major cyber breach

Over 500GB data exposed

Mortgage lender Firstmac grapples with major cyber breach


By Roxanne Libatique

Firstmac, a prominent Australian mortgage lender, has reported a major cybersecurity incident involving a ransomware attack that led to the leakage of over 500GB of data.

The breach was identified when an unauthorised entity gained access to a specific portion of Firstmac’s IT infrastructure. The company responded immediately, securing the compromised system and engaging cybersecurity experts to delve into the specifics of the breach.

“Our systems are running as normal, we remain fully operational, and our business operations have not been impacted by this cyber incident. There is no evidence of any impact to customers’ accounts, and our customers’ funds are safe,” it said.

Firstmac customers’ personal details breached

As the investigation continues, it has come to light that personal details of certain customers were accessed during the incident.

Firstmac is directly contacting those affected to outline protective measures against potentially fraudulent activities, in compliance with its regulatory responsibilities.

To assist affected customers, the company has enlisted the help of IDCARE, Australia’s dedicated national service for identity and cyber support. This service is offered to impacted customers at no charge, providing expert assistance in addressing concerns related to the misuse of their personal information.

“If you have received a letter from us, we recommend you carefully review the contents of the letter which outlines the support available, including IDCARE, and the steps you may consider taking to limit the potential impact of the breach, based on the types of information impacted for you,” it said. “If you have not heard from us, that is because at this stage of our investigation, our cyber security experts have not found any evidence that you are affected by the incident.”

Firstmac has also informed appropriate authorities about the incident and is keeping them updated as the investigation progresses.

Impact of Firstmac breach on brokers, aggregators, and partners

For brokers, aggregators, and other partners, Firstmac has indicated that no action is required on their part. The company is handling notifications and support directly with affected individuals to avoid any confusion or unnecessary alarm among customers who have not been impacted.

“If you are not one of our customers, it is important to note there is no action required from you, as we are directly notifying impacted individuals. We kindly ask that you do not proactively reach out to organisations or individuals about this incident, so not to cause confusion or alarm to our customers who are not affected,” it said.

In the first quarter of 2024, Australia saw a significant increase in data breaches, with reports revealing that 1.8 million user accounts were compromised.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!