Firstmac has said it is “urgently investigating” the nature and extent of a data package published on a darknet leak site purporting to be from Firstmac’s system.
After having said that it had experienced a “cyber incident” in which an unauthorised third party accessed the IT system last month, Firstmac is now looking into a mountain of internal and customer data that has been released onto the dark web.
According to our sister brand Cyber Daily, the hackers claiming responsibility for the breach – the EMBARGO ransomware gang – had given the lender a ransom deadline of 8 May.
With this deadline having passed, the group has now uploaded a data package of over 500 GB to its leak site.
Cyber Daily said that the data is in three parts, with parts two and three labelled ‘Source code archive’ and ‘database backups’, respectively.
While some of the web addresses hosting the data are timing out, EMBARGO has also posted several sample documents and files, and customer data has clearly been impacted.
For example, one file shows the details of a Firstmac customer’s loan, including the individual’s address and account balances. Another shows tables relating to loan and financing details, as well as more balance and account information.
Another document lists transaction IDs against dozens of Firstmac customers, along with more addresses and their email details.
The gang also published the emails and phone numbers of several of Firstmac’s C-suite and IT team, alleging that these are “Contacts of Responsible Persons”.
A Firstmac spokesperson told Cyber Daily: “We are aware that an unauthorised third party has claimed to have published a subset of Firstmac data externally. We are urgently investigating the nature and extent of the data that has been published.
“Firstmac has already conducted a comprehensive review of impacted files and we are notifying impacted individuals directly, in accordance with our regulatory obligations.
“We are also communicating with our partners, to ensure they have the information they need.”
Firstmac has not yet said how many of its customers have been impacted by the data breach.