The cyber attackers have been successful in acquiring client data that had been held by the Auckland financial services company. The company who has fallen victim has been reported as Staircase Financial Management. The acquired data had been published on the dark web as a ransomware attack victimized the company.
A month back, a blog report on dark web had revealed that it appears as if the cyberattackers are in possession of the sensitive information. This information was held by the Auckland financial services company, Staircase Financial Management.
A post on the NetWalker Blog bore a countdown clock that indicated the actual time left before the client data was made public. Now, the clock ran out of the provided time, and the client data had been made public across several third-party file sharing websites.
NetWalker is a kind of ransomware software discovered in late 2019 and was created by hackers. Ransomware threatens the publication of victims’ data or blocks access to the data until a ransom has been paid.
Staircase’s director named Kylie Turgis had said in a written statement that its clients had been advised of the cyberattack.
“We are assisting the NZ Police cybercrime team to investigate the matter,” Turgis said.
The company had also consulted with the Government agency called Cert NZ along with the office of the Privacy Commissioner and was following their recommendations, she revealed.
“We will not be making any further public statements in relation to this.”
A police spokesman had stated that its Auckland City Fraud team was unaware immediately regarding the receipt of any complaints related to the matter. New Zealand authorities usually advise the companies not to pay ransom to the cybercriminals as it further encourages future attacks.
The website of Staircase mentions that it had been providing financial strategies and retirement to thousands of New Zealanders from the year 2001, via the creation of portfolios on long-term property investments.
The Financial Markets Authority had earlier stated that Staircase was not licensed by it, and thus, it was not required to notify the clients of the security breach.
The Privacy Commissioner’s Office had been contacted for comment.
Disclaimer: Read the complete disclaimer here.