Close Menu
    Subscribe
    Alerts

    Incident: Finsure confirms ‘cyber incident’ impacting customers and brokers | TheAdviser

    adminBy No Comments2 Mins Read


    Finsure has confirmed that the marketing data of a number of its brokers and customers was impacted as a result of breach of their third-party provider Activepipe.

    Source: Finsure confirms ‘cyber incident’ impacting customers and brokers | TheAdviser

    View more incidents relating to the Banking and Finance sector and incidents resulting from Third-Party Risk Management.

    Summary:

    Finsure, an Australian mortgage broking group, has confirmed a cyber incident that impacted the marketing data of nearly 300,000 brokers and customers. The data breach was linked to a third-party service provider, ActivePipe, and included names, phone numbers, and physical addresses. No financial data or passwords were compromised.

    Finsure said it has since worked with the third-party provider – presumably ActivePipe – and the issue has been resolved.

    Statements:

    • Finsure: “We have worked with the third-party provider and cyber security experts to review the data on the impacted system. There is no evidence of misuse or publication of any individual’s personal information.”
      ActivePipe: “At no point was the ActivePipe platform breached. We are investigating our legal options as we consider the communication misleading and damaging to our company’s reputation.”
      Impact: The incident has raised concerns within the finance industry, highlighting the need for robust cyber security measures. Finsure has reassured customers that no sensitive financial information was exposed.
      Related Incidents:
      Previous breaches in the finance industry, including Firstmac and Latitude, have prompted increased education and support for brokers to enhance cyber security protocols.
      Conclusion: Finsure remains committed to protecting personal information and has taken steps to address the incident. The company apologizes for any concern caused and continues to work on improving its security measures.

    Conclusion:
    This is a lower-level breach of basic PII information, though adding the physical address for an individual to the big pool of dark web data is not good. Once again, Third-Party Risk Management is in play, and I wonder if their Information Asset Register had ActivePipe as a holder of PII information.

    Related Incidents:
    Previous breaches in the finance industry, including Firstmac and Latitude, have prompted increased education and support for brokers to enhance cyber security protocols.

     



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.