iscover 
As exclusively reported by sister brand Cyber Daily, the hackers behind the breach affecting nearly 500,000 borrowers said the risk of causing a nationwide “wave of identity theft” was too great to release the data.
The hacker, who contacted Cyber Daily, explained their actions late last month.
“We have decided not to release any youX/Drive IQ data beyond what was shared in the breach preview, out of a desire to avoid the wave of identity theft across Australia this would inevitably enable,” the hacker said.
“We want to be crystal clear on something: this is not due to any action on youX’s part. On the contrary, we make this choice in spite of them throwing their partners, lenders, brokers and borrowers under the bus due to their negligence, irresponsibility, and generally incoherent response to this breach.”
The data, allegedly obtained at the start of February, included the personal and financial information of 444,538 borrowers, including incomes, debts, government IDs, and home addresses.
The group also claimed to be holding more than 8,000 password hashes linked to broker employees, as well as data belonging to 797 broker organisations, including ABNs, banking details, staff directories, and full customer portfolios.
The hacker claimed they released only a preview of the data, which they said included information from 149,349 loan applications totalling $3.7 billion, as a way to “punish” youX.
“We’ll say it again. When the cyber criminals take better care of your data than you do, it is time for some serious self-reflection,” the hacker said.
“Once the youX leadership dig themselves out of the ruins of their company, perhaps they’ll take the opportunity to do so.”
In an earlier update on its clear web leak site, the hacker claimed youX had engaged in negotiations, resulting in the removal of the initial leak posts. However, the group alleged talks collapsed after a youX representative issued an injunction notice threatening legal action.
“But in spite of our efforts, and the fact we’d immediately removed the posts when they finally contacted us at the right address, they had decided not to engage further,” the hacker said in a 23 February update.
“Probably figured they would need the half million dollars we were asking for to pay the legal fees they’re about to get slammed with. A shame.”
In an update on 27 February, youX said it was in the process of directly notifying individuals whose personal information had been identified as potentially affected.
“If our review indicates that your information was involved, you will receive direct communication from us. This will include further details about the types of data involved, steps you can take to protect yourself, and information about the support available – including credit monitoring where applicable,” the hacker said.
Following the breach, cyber security across the broking sector has come under increased scrutiny.
Speaking on a recent Finance Specialist podcast, Trent Carter and Liam Garman outlined what brokers should have in place to mitigate cyber risk and the steps to take in the event of a breach.
The MFAA’s CEO, Anja Pannek, also issued guidance to brokers in the wake of the incident.
“Mortgage and finance brokers handle highly sensitive financial and personal information every day. That makes our sector an attractive target for cyber criminals,” Pannek said.
“Strong cyber resilience practices are not optional – they are core to running a professional broking practice.”
[Related: Is AI coming for brokers? Industry weighs impact]