Mortgage broker听Squirrel听and up to 600 customers have been the target of a cyber attack.听
Driver licence numbers and passport numbers were among material stolen in the breach, the company said.听
鈥淲e found out there was an issue on Sunday morning,鈥 Squirrel chief operating officer Dave Tyrer told the听Herald.听
He said it took until yesterday to confirm what, if any, personal data had been breached, and alert customers.听
鈥淚t鈥檚 not always easy to get the information you need, when you need it, in these situations.鈥听
Tyrer said based on investigations so far, Squirrel was 鈥99.9%鈥 sure an overseas actor or actors carried out the breach.听
Squirrel received no ransom demand or other contact from the attacker or attackers, he said.听
鈥淭hey can鈥檛 hold us to ransom or anything like that. None of Squirrel鈥檚 direct systems are compromised.鈥听
He said the breach happened on a third-party system used for听anti-money laundering听and know your customer (KYC) verification.听
But Squirrel took responsibility and that third party provider鈥檚 other customers were not compromised, Tyrer said.听
- Health insurer Accuro says 30,000 customers鈥 data potentially exposed in hack
- Privacy Commission tells businesses to 'wake up' to risks of cyberattacks
鈥淭o be clear, the breach is on Squirrel and not on them as a provider.鈥听
He said Squirrel had taken steps to close the weakness the hacker or hackers exploited and reduce the chances of a similar incident happening again.听
The Office of the Privacy Commissioner had been told about the data breach, he said.听
鈥淲e鈥檙e 100% reimbursing any customer that wishes to replace their driver鈥檚 licence or passport.鈥听
Photos on the licences and passports had not been stolen or compromised, he said.听
The hack might remind some people of the听Latitude-Genoapay data breach听but Tyrer said the Squirrel breach, though serious, was on a smaller scale and less severe.听
It impacted customers who signed up with Squirrel between June 20 and July 20.听
鈥淭he majority of them were registered to become an investor with Squirrel,鈥 Tyrer said.听
He said he could not be certain what the motivation for the attack was.听
鈥淚dentity data can be valuable [but] typically it鈥檚 only valuable if you also have the image related to the customers.鈥听
The company said no other customers were impacted and no customers had user names, passwords, or bank account details compromised.听
Tyrer said various alerts on Sunday notified Squirrel of a potential problem but for security reasons he did not want to elaborate on what those alerts were.听
He said he believed Squirrel鈥檚 response time from the first alert to breach confirmation was in line with how many other companies would or could respond.听
He said affected customers could 0800 212 230 or email [email protected].听
Squirrel provides peer-to-peer lending and investing as well as mortgage brokering services.听
Take your Radio, Podcasts and Music with you
Get the iHeart App
Get more of the radio, music and podcasts you love with the FREE iHeartRadio app. Scan the QR code to download now.
Download from the app stores
Stream unlimited music, thousands of radio stations and podcasts all in one app. iHeartRadio is easy to use and all FREE
