Share this article on:
Firstmac’s hackers have published customer transaction details, addresses, loan data, and more in a 500-gigabyte data leak.
The hackers behind last week’s ransomware attack on Australian lender Firstmac have published a swathe of internal and customer data on its darknet leak site.
Firstmac first reported the incident on 30 May, with the EMBARGO ransomware gang taking credit for the hack a day later.
The gang had given Firstmac a ransom deadline of 8 May, and true to its word, the gang has now uploaded the entire 500-plus gigabytes of data to its leak site.
The data is in three parts, with parts two and three labelled “Source code archive” and “database backups”, respectively. The gang also published the emails and phone numbers of several of Firstmac’s C-suite and IT team, alleging that these are “Contacts of Responsible Persons”.
Firstmac is aware of the publication of its data.
“We are aware that an unauthorised third party has claimed to have published a subset of Firstmac data externally. We are urgently investigating the nature and extent of the data that has been published,” a Firstmac spokesperson told Cyber Daily.
“Firstmac has already conducted a comprehensive review of impacted files, and we are notifying impacted individuals directly, in accordance with our regulatory obligations. We are also communicating with our partners to ensure they have the information they need.”
Thankfully, for now, at least, the onion addresses hosting the data are timing out. However, the gang has also posted several sample documents and files, and customer data has clearly been impacted. One file shows the details of a Firstmac customer’s loan, including the individual’s address, account balances, and a field labelled “IsIslamic” – set to “0” in this case, presumably suggesting the customer is not Muslim. Another document lists transaction IDs against dozens of Firstmac customers, along with more addresses and their email details.
Another screenshot shows folders containing AWS credentials, while others appear to list SQL tables related to loan and financing details, as well as more balance and account information.
Firstmac has not yet said how many of its customers have been impacted by the data breach.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.