Man caught up in worrying myGov scam speaks out
Accounting bodies slam ATO’s use of client linking to tackle fraud woes
Firstmac hackers claim tax file numbers
Financing outfit Firstmac has been hacked, with customer tax file numbers and date of birth among information stolen.
Brisbane-based Firstmac, which gathers deposits for a bank and makes home loans, revealed the attack in an email to customers on Tuesday morning.
Customers have questioned if Firstmac had the correct systems in place. SMH
It marks the latest cyberattack on financial institutions with Latitude Financial last month warning of a breach resulting in information including driver licences and passport details being taken.
Suncorp as well this month had an intruder access some customers’ bank balances and withdraw funds, although money was recovered and it did not characterise the damage as a hack.
Firstmac is a non-bank lender – it says it is Australia’s 12th largest home loan lender – and sponsor of the Brisbane Broncos. It also gathers term deposits for customers on behalf of regulated bank ASX-listed BNK BankingCorporation, which trades as “Goldfields Money”.
Firstmac sent an email, seen by The Australian Financial Review, to customers on Tuesday morning stating that “recently … an unauthorised third party accessed a part of our IT system”.
“Our investigation has identified that an unauthorised third party may have accessed some customer information,” it said.
Firstmac, sponsor of the Brisbane Broncos, has revealed to customers that it was hacked. Getty Images
One customer, who said they had a term deposit, said that a review had found the personal information including the person’s name, tax file number, date of birth, and contact information were among “impacted files”.
The customer, who said they had taken a term deposit because of the seemingly good rates on offer compared to other banks, told the Financial Review they “were concerned about the cyber incident and whether [Firstmac] have correct systems in place”.
The email from Firstmac, owned by the family of Brisbane businessman Kim Cannon, said it had engaged identity and cyber support outfit IDCare to provide free support for customers.
It also advised people to be alert for further scams and to potentially contact the Australian Tax Office “so that they can monitor any unusual or suspicious activity”. “If required, they can enable additional monitoring on your account,” the email said.
“We sincerely apologise for any concern this update may cause.”
Firstmac did not answer questions about how large the breach was or which authorities had been notified.
“As soon as we detected the incident, we took steps to secure our system,” a Firstmac spokesman said. “We also engaged forensic experts to investigate what has happened. Our investigation is ongoing.
“We will continue to communicate with all our stakeholders in a timely and transparent manner throughout this process, in line with our values as a family business that treats our customers as real people.”
Liam Walsh writes on investigations and companies with The Australian Financial Review. He has won multiple media awards, worked in Japan and is now based in Brisbane.Email Liam at liam.walsh@afr.com.au
