
Mortgage Lender Hacked, Customer Credit Card Details Leaked on Dark Web

 

The non-bank mortgage lender Firstmac has been hit by a cyberattack, resulting in the theft and publication of customer details such as credit card numbers, passport numbers, Medicare numbers, and driver’s licence details on the dark web.

Firstmac, a major non-bank lender based in Brisbane, informed its customers via a letter that an unauthorized party had breached its IT systems. The company stated, “Our ongoing investigation has found evidence that some personal information of our customers has been accessed.”

Firstmac assured affected individuals that they were being notified directly and advised on steps to protect themselves from scams or phishing attempts, in accordance with regulatory requirements. The firm also mentioned that relevant authorities had been informed and were being kept updated on the investigation’s progress.

The technology publication Cyberdaily reported that the hackers responsible for the attack had posted a significant amount of data on the dark web. The ransomware group EMBARGO claimed responsibility for the hack, which occurred in April, and had set a ransom deadline of May 8. Cyberdaily provided screenshots from EMBARGO’s website showing customer addresses, financial details, and email addresses, as well as the contact details of several Firstmac executives and IT team members.

The extent of the breach in terms of affected customers and employees remains unclear. Firstmac was contacted for additional comments on the situation.

Firstmac announced that it had enlisted IDCARE, Australia’s national identity and cyber support service, to assist customers. IDCARE’s services are available at no cost to affected individuals, with expert Case Managers ready to address concerns about the potential misuse of personal information.

The company emphasized that its systems were functioning normally, operations were unaffected, and customer funds were secure. They stated there was no evidence of any impact on customer accounts.

This incident is part of a growing trend of cyberattacks on high-profile Australian organizations. According to the Australian Signals Directorate, over 127,000 hacks against Australian servers were recorded in the 2022-23 financial year, marking a 300% increase from the previous year.

Last year, a data breach at Melbourne travel agency Inspiring Vacations exposed about 112,000 records, totaling 26.8 gigabytes of data, because a database was not password-protected. This breach adds to a list of incidents affecting companies such as Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World, and Dymocks, reflecting a “new normal” of frequent attacks and data leaks.

The Optus breach, in particular, led to new legislation imposing stricter penalties for serious or repeated customer data breaches. Companies failing to protect data now face fines exceeding $50 million.

Attorney-General Mark Dreyfus emphasized the need for robust data protection, stating, “When Australians are asked to hand over their personal data they have a right to expect it will be protected,” and noted that recent significant breaches demonstrated the inadequacy of existing safeguards.

Australia recently abandoned plans to ban ransomware payments, instead opting for mandatory reporting obligations. Research by IT firm Cohesity found that 92% of Australian IT executives would pay a ransom to recover data and restore business processes, with a significant number willing to pay over $US3 million, and some over $US5 million.

Cybersecurity Minister Clare O’Neil highlighted the issues with paying ransoms, stating, “Every time a ransom is paid, we are feeding the cybercrime problem,” and stressed the need for more foundational work before considering a ban on ransom payments.

Cyber Intruders Disrupt Operations at Beirut International Airport

 

Over the weekend, hackers took over the Flight Information Display Screens at Beirut's international airport, displaying politically motivated messages and temporarily disrupting baggage inspection, according to local media reports.

The hackers seized control of the screens at Beirut-Rafic Al Hariri International Airport, replacing the usual plane departure and arrival information with a statement accusing Hezbollah, the Iran-backed militant group based in Lebanon, of leading the country into conflict with Israel. A segment of the message directed blame at Hezbollah, stating, "You bear your responsibility and its consequences, Hezbollah."

Airport authorities disclosed that the cyber attack briefly interfered with the passenger baggage inspection system. However, they emphasized that the flight schedule remained unaffected. Additionally, hackers reportedly sent fake messages to some passengers on behalf of Middle East Airlines, a claim promptly refuted by the airline.

Recent heightened tensions between Lebanon and Israel, marked by frequent exchanges of fire, further amplify the significance of the cyber incident. In a recent Israeli strike on Lebanon, a senior commander in Hezbollah's elite forces was reportedly killed. Israeli officials had previously expressed a preference for restoring security without engaging in a full-scale war with Hezbollah, though readiness for such action was affirmed if necessary.

Attribution for the airport hack points to two domestic hacker groups: The One Who Spoke, a relatively unknown entity, and Soldiers of God, a Christian group previously associated with campaigns against the LGBTQ+ community in Lebanon. The latter group denied involvement. However, reports suggest that "external parties" could be behind the attack, utilizing the names of Lebanese hacker groups to either conceal their identity or incite tension. Some believe that local hackers might lack the requisite technology and capabilities for such an attack.

An anonymous security source, speaking to a Lebanese TV channel, raised the possibility of Israel's involvement in the cyber attack. Lebanon's Minister of Public Works and Transportation, Ali Hamieh, provided updates during a press conference on Monday, revealing that approximately 70% of the compromised airport screens had resumed normal operations. As a precautionary measure, the airport was disconnected from the internet to mitigate further damage. The country's security services are actively investigating the hack, with Hamieh anticipating a conclusive determination on whether the breach is internal or external in the coming days.