Firstmac hacked by ransomware gang

Firstmac has become the latest lender to be targeted by cyber criminals, with the lender confirming that it has experienced a “cyber incident” in which an unauthorised third party accessed the IT system.

It is not yet known the size or extent of the breach; however, our sister title Cyberdaily.com.au has revealed that fledgling ransomware gang EMBARGO has taken responsibility for the hack and claimed that they have stolen more than 500 gigabytes of data, including “full databases, source codes, sensitive customer data”.

According to Cyberdaily.com.au, the hackers have not published their ransom demand on their darknet leak site, nor shared any proof of the hack. However, a countdown on the leak site points to a ransom deadline of 8 May.

Firstmac has not confirmed these reports nor released further information relating to the matter.

However, a Firstmac spokesman said that the lender has “engaged forensic experts to investigate what has happened” and an investigation is ongoing.

“We recently experienced a cyber incident where an unauthorised third party accessed a limited part of our IT system,” they said.

“As soon as we detected the incident, we took steps to secure our system. We also engaged forensic experts to investigate what has happened. Our investigation is ongoing.

“As our investigation continues, we will continue to communicate with all our stakeholders in a timely and transparent manner throughout this process, in line with our values as a family business that treats our customers as real people.”

Lenders targeted by cyber criminals

Firstmac is the latest lender to have been targeted by cyber criminals, following several high-profile instances, including the Latitude breach, which saw millions of customer information files – including driving licence numbers – stolen and resulted in the lender having to go offline.

Latitude last year revealed it had received a ransom demand from the criminals behind the major cyber attack on the company. It stated it would not pay a ransom – a decision consistent with the position of the Australian government.

The attack reportedly cost the company $76 million of pre-tax costs and provisions related to it, according to its financial accounts from last year.

Given the rising frequency of attacks, including several high-profile cases from outside of the finance industry (including Medicare and Optus), the government and lending industry have been working hard to shore up defences. This includes the Scam Safe Accord, which includes:

• A $100 million investment by banks in a new confirmation of payee system, ensuring people can confirm they are transferring money to the person they intend to.
• Introducing more warnings and payment delays to protect customers.
• Adopting further technology and controls to help prevent identity fraud, such as the use of at least one biometric check for new individual customers opening accounts.
• Investing in a major expansion of intelligence sharing across the sector.
• All banks to implement anti-scams strategies.

However, Stephen Jones MP, the Assistant Treasurer and Minister for Financial Services, said last year that he does not believe there should be a “blanket rule” to make banks and lending institutions responsible to recover the costs of scams and cyber attacks.

Cost of scams is falling

While the frequency of attacks and scams are rising, it is believed that the cost to consumers relating to scams has been falling.

According to the 2023 Targeting Scams Report by the National Anti-Scam Centre, while there was an 18.5 per cent increase in scam reports in 2023, financial losses dropped by around $400 million to $2.7 billion (down 13 per cent on the previous year).

The Australian Banking Association chief executive Anna Bligh said there were positive signs that progress was being made in the war against scammers.

“It’s absolutely devastating when we see Australians lose money to the criminal gangs operating these sophisticated scams,” said Bligh.

“While scam reports increased, financial losses are down, which shows Australians are alert to the risks and collective efforts from Government, banks, telcos and other industries are making a difference.

“Scams are a scourge on our society, and banks are working around the clock to protect Australians and put scammers out of business.

“The banking industry’s Scam-Safe Accord is a major step-up in protections from banks to shield consumers from scammers. It’s a set of world-leading safeguards by banks to help keep the money of Australians safe.”

Banks are now regularly stopping payments to crypto exchanges used to siphon money out of Australia as well as detecting and blocking transfers to dodgy bank accounts.

“Scam-proofing Australia will require a collective effort. Better protecting Australians from scams can only be achieved if every part of the chain leans in as hard as they can,” said Bligh.

“We need to be hitting scammers from all angles. Banks and the telcos have said they will back the Government’s mandatory scams code, and I strongly encourage the social media platforms to do the same.”

[Related: Latitude reveals impact of cyber attack in 1H23 results]