The newest victims of a notorious Russian ransomware gang say they have been terrified by the latest cyber attack on an Australian bond broker that has billions of dollars under advice.
Key points:
- Russian cybercriminals say they have stolen sensitive data from FIIG Securities
- The AlphV group has posted what appear to be screenshots of stolen documents, including passports, on the dark web
- FIIG said it responded as soon as it could, but some clients are worried their data is at risk
FIIG Securities, which has 6,000 Australian investors and $5 billion under advice, confirmed over the weekend that an "unauthorised third party" had hacked its systems.
Russian cybercriminal group AlphV, also known as BlackCat, has claimed responsibility for the attack, posting to the dark web what appears to be evidence of drivers licences, passports and reports stolen from the broker.
The group claims to have 385 gigabytes of material in its possession, including commercially confidential data, according to the cyber threat intelligence platform @FalconFeedsio on Twitter.
"You have 3 day [sic] to contact with us," the group said on its dedicated leak site.
It comes after AlphV posted 1.45 terabytes of data on the dark web late last week after one of Australia's largest law firms, HWL Ebsworth, refused to bend to its ransom demands.
FIIG Securities began contacting clients by email over the weekend, advising them that their personal information, including names, addresses, birth dates, drivers licences, passports, bank accounts and tax file numbers might have been compromised.
It warned clients to be aware of phishing emails and to change their passwords, but was unable to tell them which of their identity documents were at risk.
"We recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity," the email said.
A spokeswoman for FIIG told the ABC that it took steps as soon as it realised the breach had taken place.
"We successfully took our IT systems and our client-facing portal offline to prevent further access to our systems and data," she said.
"We are in the process of methodically and safely restarting our systems."
She said FIIG Securities had reported the incident to the Office of the Australian Information Commissioner.
But FIIG has been criticised by long-term clients who say they are disappointed by the response.
Clients call for unneeded personal data to be 'destroyed'
Jan, who lives on Sydney's lower north shore, said she and her husband were both affected by the hack.
She said the couple had sent photocopies of sensitive documents to the broker.
"That's just absolutely terrifying that all the information is in the hands of unknown parties who could be using them to set up bank accounts engaged in perhaps nefarious activities," she said.
"What's very disappointing is that FIIG has not offered to provide any services to track that sort of activity if accounts are being opened that don't belong to me, nor has there been any word of apology, really, and absolutely no hint of compensation for replacing documents.
"I don't feel comfortable retaining those documents, knowing that they're compromised."
Jan, who did not want her surname used to protect her privacy, said she received the email from FIIG on Sunday, which left her and her husband angst-ridden.
"It points to perhaps a certain negligence or complacency on the part of FIIG, which I find rather surprising given the high-profile cases of cybersecurity incidents we've seen in recent years," she said.
She called on FIIG to look at how it handled data.
"To get right down into the details of whether sensitive information that's not required is being retained inappropriately, to make sure that sensitive data that's not needed is securely destroyed," she said.