Investment clients’ data sent to dark web
Personal information belonging to clients of an Auckland financial services firm has been published on the dark web after the company fell victim to a ransomware attack.
Earlier this month a blog post on the dark web showed cyberattackers appeared to be in possession of sensitive information held by financial services company Staircase Financial Management.
The post on NetWalker Blog had a countdown clock indicating how much time was left before the data was made public.
That clock has now run out and the data has been made public across multiple third-party file-sharing sites.
NetWalker is a type of ransomware software discovered in late 2019 and created by hackers. Ransomware threatens to publish the victim’s data or block access to it unless a ransom is paid.
In a written statement, Staircase director Kylie Turgis said clients had been advised of the attack and the firm was ‘‘assisting the NZ Police cybercrime team to investigate the matter’’.
Staircase had also consulted with government agency Cert NZ and the office of the privacy commissioner, and it was following their recommendations, she said.
A police spokesman said its Auckland City fraud team was not immediately aware of receiving any complaints in relation to the matter.
New Zealand authorities generally advise companies against paying ransoms because it encourages future cyberattacks.
Staircase’s website says it has been providing retirement and financial strategies to thousands of New Zealanders since 2001, through the creation of long-term property investment portfolios.
The Financial Markets Authority earlier said Staircase was not licensed by it and so was not required to notify it of a security breach.
Cert NZ recommended the following steps if a person believed their personal information had been released in a data breach:
■ contact the relevant business or organisation to see if the breach affects your accounts and if so what information was breached;
■ change the passwords for any accounts that may be at risk; and
■ get a free credit check done to see if any accounts have been opened in your name.