Add Category
Non-bank mortgage lender Firstmac has suffered a cyber attack where customers' personal details have been leaked online.
The details include names, contact information, dates of birth, bank account information and driver's licence numbers.
Some customers were contacted by email on Friday, and the company posted a statement on its website on Saturday saying that it "recently experienced a cyber incident" where an "unauthorised third party" accessed a "limited part" of its IT system.
A spokesperson for Firstmac said the company was aware of the incident and was urgently investigating it with cyber security experts, but the investigation would take some time due to its complexity.
"We have conducted a comprehensive review of impacted files and we are notifying impacted individuals directly, in accordance with our regulatory obligations," the spokesperson said.
It also said it had provided recommendations to impacted customers and engaged the services of IDCARE, Australia's national identity and cyber support community service, for support.
"If our customers do not hear from us, that is because our ongoing investigation has not discovered any evidence they are affected by this incident," the spokesperson said.
ABC employee Timothy Wharton and his wife Amanda Lang found out on Friday that their information had been exposed in the cyber breach.
They were informed that the leaked information included their names, residential address, email addresses, phone numbers, dates of birth, drivers' licence numbers, as well as bank account number and BSB.
"They (Firstmac) just said this is what's happened, they've engaged IDCARE national security cyber support community service, and suggested that we contact them as to what to do," Mr Wharton said.
The couple have had to update their drivers' licences and put a credit ban on their bank accounts.
Having also been part of the Optus and Medibank data breaches, Mr Wharton and Ms Lang feel that Firstmac has handled the aftermath of the cyber attack well, but are still disappointed it happened in the first place.
"I'm really impressed with the way that they've come back and told us exactly what information got stolen, and the fact that they made it very easy for us to legitimately find a pathway forward," Ms Lang said.
"We've had guidance on what to do to safeguard ourselves, so I feel pretty confident that we have safeguarded ourselves."
Ms Lang said she would like to see banks cross-check account names when transfers are made, and businesses delete customer's private data after they've done the necessary checks.
"I would like to see that they don't hold on to it, so there's minimal risks. Therefore, you're taking away the carrot of the scammer to try and get into their systems," she said.
Mr Wharton asked why banks and other businesses weren't updating their cybersecurity more frequently to make sure it's up to date.
"The hackers always seem to be one step ahead," he said.
"It just annoys me.
"They (Firstmac) have been very diligent in letting us know [about the breach], but how come it happened?"
ABC