iscover 
In the latest Finance Specialist podcast, hosts Liam Garman and Trent Carter revisited the recent youX data breach, which has allegedly left 797 broker organisations exposed.
According to threat actors on the dark web, they have allegedly exfiltrated the personal and financial data of 444,538 borrowers, including incomes, debts, government IDs, and home addresses.
Garman and Carter outlined what brokers should have in place before an incident occurs and what steps to take once a breach is discovered.
“It’s an increasing area of focus for cyber criminals out there, and certainly the financial markets and financial industries make a lot of sense for them to be involved with,” Carter said.
“If we had criminals walking around with hoodies, machetes and machine guns, we would have locks on our doors and bars on our windows. This is the equivalent. I would just encourage brokers to do one thing today – review the real basics they have in place.
“We’ve got to be on our toes.”
Garman said: “In the property space, this is a $12 trillion industry. And at the broker level, if you were overseeing the transactions or if you’re supporting multimillion-dollar contracts, and potentially lending up into the millions, you’re actually a very fruitful target for attackers.”
Incident response plan essential
Carter and Garman agreed that preparation is essential.
Brokers were advised to maintain a documented incident response plan, even if only a brief outline, covering internal roles, decision-making responsibilities, and key contacts such as insurers and IT providers.
“I think you can kick off with a documented response plan – a risk assessment 101,” Carter said.
“If it’s a physical risk, like a bushfire plan: where are we going to stay, where are we going to go? What do we pack, what do we grab? It’s no different. It’s a risk. And if it happens in your business, what are we going to do?
“Even if it’s only a two-page bullet point document that you’ve discussed with the other people in your business, it’s better than nothing. So have clear internal roles and responsibilities – who’s going to make the decisions, who’s going to speak to the clients, who’s going to call the insurers, what are their numbers, what are our policy details. Having all that in one accessible place will make life a little bit easier.”
Other recommended measures included:
- Ensuring multi-factor authentication (MFA) is enabled on all accounts.
- Testing backups and restoration processes in advance.
- Identifying a trusted IT contact to assist in the event of a breach.
If an incident occurs, brokers were advised to disconnect from the internet without immediately shutting down systems and follow their documented response process.
Communication and compliance
The discussion also examined how brokers should communicate with clients and regulators following an incident.
Carter emphasised early and transparent communication, warning against attempts to conceal breaches.
“Honesty is the best policy in these scenarios,” he said.
“The best way to do it is early information, clear communication, regular communication, and outlining what we are doing about it.”
Post-breach vigilance critical
Importantly, the episode highlighted the risk of repeat attacks. Businesses that have been breached once may be targeted again, particularly if vulnerabilities remain unaddressed.
Brokers were encouraged to conduct a full root cause analysis after any incident, retrain staff on phishing risks, review third-party access, and reassess system protections.
“They say lightning doesn’t strike twice. It actually really does,” Garman said.
“In the world of cyber breaches and cyber attacks, lightning strikes twice very often, because you flag to the cyber crime world where the vulnerabilities are in your business.”
Carter said: “I think they need a clean sheet of paper and to start again in terms of their cyber-security environment and checks. The first thing you would want to do is a full root cause analysis: where did they get in? How did they get in? Where was that vulnerability? You need to understand that.”
[Related: MFAA issues guidance in wake of youX data breach]