Select Page

Incident: Finsure confirms ‘cyber incident’ impacting customers and brokers | TheAdviser

Posted by | Nov 27, 2024 | , , , , , , | 0 |

Incident: Finsure confirms ‘cyber incident’ impacting customers and brokers | TheAdviser

Australian Finance Services Privacy Breach, 27 November 2024

Australian mortgage broker Finsure confirms ‘cyber incident’ impacting customers and brokers.

Finsure has confirmed that the marketing data of a number of its brokers and customers was impacted as a result of breach of their third-party provider Activepipe.

Source: Finsure confirms ‘cyber incident’ impacting customers and brokers | TheAdviser

View more incidents relating to the Banking and Finance sector and incidents resulting from Third-Party Risk Management.

Summary:

Finsure, an Australian mortgage broking group, has confirmed a cyber incident that impacted the marketing data of nearly 300,000 brokers and customers. The data breach was linked to a third-party service provider, ActivePipe, and included names, phone numbers, and physical addresses. No financial data or passwords were compromised.

Finsure said it has since worked with the third-party provider – presumably ActivePipe – and the issue has been resolved.

Statements:

  • Finsure: “We have worked with the third-party provider and cyber security experts to review the data on the impacted system. There is no evidence of misuse or publication of any individual’s personal information.”
    ActivePipe: “At no point was the ActivePipe platform breached. We are investigating our legal options as we consider the communication misleading and damaging to our company’s reputation.”
    Impact: The incident has raised concerns within the finance industry, highlighting the need for robust cyber security measures. Finsure has reassured customers that no sensitive financial information was exposed.
    Related Incidents:
    Previous breaches in the finance industry, including Firstmac and Latitude, have prompted increased education and support for brokers to enhance cyber security protocols.
    Conclusion: Finsure remains committed to protecting personal information and has taken steps to address the incident. The company apologizes for any concern caused and continues to work on improving its security measures.

Conclusion:
This is a lower-level breach of basic PII information, though adding the physical address for an individual to the big pool of dark web data is not good. Once again, Third-Party Risk Management is in play, and I wonder if their Information Asset Register had ActivePipe as a holder of PII information.

Related Incidents:
Previous breaches in the finance industry, including Firstmac and Latitude, have prompted increased education and support for brokers to enhance cyber security protocols.

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Australia Post Christmas parcel scam: What to look out for | news.com.au

Australia Post Christmas parcel scam: What to look out for | news.com.au

December 13, 2017

Update Incident: Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web | ABC News Australia

Update Incident: Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web | ABC News Australia

October 28, 2022

Incident: Perth Mint visitor data stolen after feedback survey company hacked | WAtoday

Incident: Perth Mint visitor data stolen after feedback survey company hacked | WAtoday

January 31, 2020

Incident: Auto services firm Inchcape Australian hit by Windows Ransomexx ransomware | iTWire

Incident: Auto services firm Inchcape Australian hit by Windows Ransomexx ransomware | iTWire

December 14, 2020

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms
Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms

Scammers are advertising crypto trading websites filled with fake data to share trading message groups – and taking victims’ money right now. • Mon, … [...]

Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group

The Adviser, a media outlet based in Shepparton, has been hit by a potential 350-plus gigabyte data breach. • Mon, 25 May 2026 • Security *]:clear-none … [...]

State Library of NSW responding to April cyber intrusion
State Library of NSW responding to April cyber intrusion

Library services remain offline following “suspicious activity in our catalogue”; services are expected to be back online by the end of the month. • … [...]

Directors told to stop admiring the AI problem and start governing it - AICD
Directors told to stop admiring the AI problem and start governing it - AICD

Directors told to stop admiring the AI problem and start governing it Friday, 15 May 2026 Brisbane played host to the AICDs’ Tech Governance Forum last … [...]

Student hackers take on 'ethical battle' beyond cyber attacks and exploits
Student hackers take on 'ethical battle' beyond cyber attacks and exploits

When more than 100 hackers meet in a room, it might be a good idea to update your password. But these cybersecurity sleuths have gathered for a good … [...]

How Australia's ASIC v FIIG decision supports your cyber investment business case
How Australia's ASIC v FIIG decision supports your cyber investment business case

What you need to know First AFSL cyber penalty: FIIG's $2.5 million penalty is the first cyber security penalty under general financial services … [...]

APRA and ASIC Sound the AI Alarm for Boards and Executives
APRA and ASIC Sound the AI Alarm for Boards and Executives

What you need to know APRA and ASIC have sent powerful messages to regulated entities regarding AI, cyber security and operational resilience in … [...]

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading