Exclusive: Australian lender Firstmac falls victim to ransomware gang EMBARGO
Hackers claim to have databases, source codes and “sensitive customer data” a day after the lender notified customers of a potential data breach.
A fledgling ransomware gang has taken responsibility for hacking into Australian non-banking lender Firstmac.
In fact, Firstmac is only the second victim of the EMBARGO gang after it claimed its first victim – the Mulford Construction Company in the United States – on April 21.
EMBARGO posted about the Firstmac hack on its darknet leak site overnight on April 30, the same day Firstmac notified its customers about the cyber incident.
According to EMBARGO, hackers stole more than 500 gigabytes of data, including “entire databases, source codes, [and] sensitive customer data.
The gang has not stated its ransom demand or shared any evidence of the attack. A countdown on the leak site indicates that the deadline for the rescue will be May 8.
Firstmac said it had been affected by a “cyber incident” in an email seen by several media outlets, including fellow Momentum Media partner Mortgage Business.
“We recently experienced a cyber incident where a limited part of our IT system was accessed by an unauthorized third party,” a Firstmac spokesperson told Mortgage Business yesterday (April 30).
“As soon as we detected the incident, we took measures to protect our system. We also hired forensic experts to investigate what happened. Our investigation is ongoing.
“As our investigation continues, we will continue to communicate with all of our stakeholders in a timely and transparent manner throughout this process, in line with our values as a family-owned business that treats our customers like real people.”
Being a new operation, EMBARGO is relatively unknown. On its information page, the gang describes itself as “an international team with no political affiliation.”
UPDATE 01/05/24: When contacted for further comment on the ransomware attack, Firstmac responded with the same statement provided to Mortgage Business.