Australian mortgage broking group Finsure has confirmed a data breach that impacted the marketing data of some of its brokers and customers. The incident, which occurred in October 2024, came to light after nearly 300,000 email addresses linked to Finsure were added to the “Have I Been Pwned” database. The compromised data includes names, email addresses, phone numbers, and physical addresses. However, Finsure clarified that no sensitive financial information, passwords, or personal identification data was exposed, as the breach did not affect its internal systems.
The breach was traced back to a third-party service provider, believed to be the ActivePipe real estate marketing platform, where compromised credentials allowed unauthorized access to the data. Finsure stated that the marketing information involved was mostly basic contact details that are already in the public domain. After the breach was discovered, Finsure worked with the third-party provider and cybersecurity experts to investigate and address the issue. The company also confirmed that there is no evidence that the exposed data was misused or published elsewhere.
Despite Finsure’s efforts to reassure the public, the scale of the breach became a point of contention. While “Have I Been Pwned” listed 296,124 affected email addresses, ActivePipe, the third-party service provider, disputed these figures. ActivePipe claimed that only 35 contacts were impacted, and they emphasized that no other data, including passwords or financial information, had been exposed. The company also noted that no breach had occurred within its platform itself, as the compromised data was accessed through external API credentials.
Finsure, on its part, has been proactive in communicating with affected brokers and customers, notifying them of the incident and urging vigilance against potential phishing attempts or other suspicious activity. The company reiterated its commitment to safeguarding personal data and expressed regret for any concern caused by the breach. Though the breach involved information that was publicly accessible, Finsure has assured customers that it is taking steps to prevent further incidents and strengthen its cybersecurity protocols.
Reference:
