FIIG - The Fixed Income Experts

FIIG Securities Response to Cyber Incident

Information for Institutional Clients

Information, updates and support for those affected


Based on our investigation, we believe the following types of personal information relating to our institutional clients has been accessed:

 

  • Name; 
  • Email address (generally work email address, or personal email address if provided) and date of birth for the authorised contacts of the institutional client.
  • For a group of authorised contacts, some additional identity information was also accessed. This is the identity documentation provided when opening the account. This will be either a driver’s licence or passport of the authorised contacts.
  • Other personal information that may have been included in documentation provided to us by an institutional client. For example, this may be personal information of the directors of the institutional client, if this was included in the client’s corporate due diligence pack. We do not ask for this information, but it can include the director’s name, director ID, and any identity documentation included in the pack.

We have contacted the authorised contacts of our institutional clients. We are unable at this time to contact any directors whose personal information may have been provided in corporate due diligence packs along with entity documentation. If you are a current or former director of one of FIIG’s current or former institutional clients and you believe your ID documents may have been included in your institution’s due diligence pack we recommend that you take the following steps. 

We do not believe the third-party has accessed any other personal information relating to our institutional clients (for example, we do not collect personal bank account details or TFNs for the authorised contacts of our institutional clients).   


1) Stay Alert to Phishing Emails, text messages and phone calls

Exercise usual caution when replying to emails, phone calls and text messages. Don’t open suspicious texts, pop-up windows or emails, or click on suspicious links or open unusual attachments. Ensure you thoroughly identify callers and don’t divulge personal information to unknown parties.  

2) Change your Passwords Regularly 

We recommend you change your passwords regularly.

3) Identification Documents  

 

If you provided ID documents upon opening or to maintain your organisation’s account with us, we believe a copy of these documents has been accessed in connection with this incident. Please see recommended steps below if this is the case. 

 

This incident does not affect the validity of any driver’s licence or passport, and you are still able to use these documents as a valid form of proof of identity. However, out of precaution, you may wish to replace your driver’s licence or put a DVS block on your passport if you have not already renewed or replaced it since initially providing us with those details. Details are provided below for how to replace a driver's license or add a DVS block on your passport.

 

FIIG will reimburse impacted people the cost to replace (not renew) their driver’s licence until 31 August 2023, upon the production of a receipt. FIIG generally does not hold client passport details; in the event we do, we recommend clients activate the DVS passport blocking service; details are provided below. Please contact your relationship manager or call 1800 01 01 81 to confirm the ID documents FIIG holds before replacing them (if you have not already), or with any other questions on ID replacement cost reimbursement.

 

We recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. This is especially relevant if you have also been impacted by other cyber incidents where a broader amount of personal information has been compromised. 

 

You can apply for an annual free credit report from one of the consumer credit reporting agencies below. You can also consider contacting each of these bodies to place a temporary ban on your credit report. This means that each of these credit reporting agencies will not be able to share your credit report with credit providers without your consent for 21 days, unless extended. This sharing of your credit report is normally required for somebody to take out credit using your identity.

 

Equifax -  https://www.equifax.com.au/personal/products/credit-and-identity-products

Illion -  https://www.creditcheck.illion.com.au/
Experian  - https://www.experian.com.au/consumer/

4) General Recommendations  

 

Other steps you can take to protect yourself from the incident include: 

 

If you need assistance with taking the above steps, please visit cyber.gov.au or contact ID Care on 1800 595 160.

 

5) Information for individuals who may have supplied passport information

Please note: As part of the application process for becoming a FIIG client or maintaining an account, we sometimes require a passport number and, in some instances, a scanned copy of a passport. 

 

This incident does not affect the validity of any passport for travel purposes. However, to help prevent the digital misuse of your passport information which may have been exposed in the data breach, we can request to put a block on your passport using the Commonwealth Credential Protection Register (CPR). FIIG can facilitate the CPR registration of your passport through the Department of Home Affairs, and it will no longer verify through the Australian Government Documentation Verification Service (DVS). 

 

The DVS compares personal information on identity documents against existing government records, such as passports, to help verify identity online. 

 

Clients with passports that have expired in the past three years can consider opting in for this service, as passports that expired within this period can still be used to verify identity. 

 

How can I have my passport DVS blocked? 

If you would like to have your passport document number blocked within the DVS service, we need your consent and confirmation of the passport document number to be blocked. Please inform your relationship manager or by calling 1800 01 01 81 by phone with these details – do not provide them in written format via email. 

 

You will need to provide your first name, last name, email, and passport number, which will be supplied to the Australian Government Documentation Verification Service (DVS), and they will block your passport from verifying online. 

 

What does having my passport blocked  include?

A blocked passport means that it cannot be used to verify an identity online through the DVS for confirmation of identity checks for government departments and organisations such as banks and telecommunication companies. 

 

Can I continue to use my passport for travel or identity verification?

If you choose to have your passport blocked, you can continue to use your passport to travel and verify your identity in person, including for government or financial services. You can still book international travel with your passport number online. 

 

Can I have my passport unblocked?

Once blocked in the DVS system, a passport cannot be unblocked. If you replace or renew your passport, your current document will be voided, and your new document (with a new document number) will safely verify through the DVS.

 

Can I replace a passport blocked  in the DVS system?

Yes, if you opt to have your passport blocked, you can still choose to replace or renew this document at a later date. More information on replacement and renewal options is available at www.passports.gov.au/getting-passport-how-it-works/special-travel-documents/replacement-passport

 

What other documents will I be able to use to verify my identity online via the DVS service? 

The DVS service also accepts driver licences and Medicare cards. As long as these documents are not also flagged within the DVS system, they will continue to be able to be used for digital verification. Please note FIIG is unable to block any documents other than passports within the DVS system, including driver's licences. 

 

Where can I find more information?

For more information on your passport being involved in a data breach, please visit https://www.passports.gov.au/data-breaches

For more information on the Australian Governments Document Verification Service, please visit please see https://www.idmatch.gov.au/our-services

 


6) Driver’s Licence Information

Please note: As part of the application process, clients may have provided a driver’s license number and, in some instances, a scanned copy of the license. 

If you believe the driver’s licence details provided to FIIG have since expired, then you do not need to consider replacing your new licence.

 

Below is the relevant state or territory government guidance on requirements for replacing your licence. 

 

New South Wales

To replace your licence card number:

Online via the Service NSW website service.nsw.gov.au/transaction/replace-nsw-driver-licence-online

In person by visiting a Service NSW Centre. 

Note: You can only replace your driver’s licence card online once in a 12-month period. If you have replaced your card online in the past 12 months, you will need to visit a Service NSW Centre in person.  

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

If you are requested to provide a CIRS number (Cyber Security incident report reference), contact your FIIG representative, who can provide you with this number.

For more information, please visit nsw.gov.au/id-support-nsw

 

Queensland 

To replace your licence card number:

Online via the Department of Transport and Main Roads website www.service.transport.qld.gov.au/replacedriverlicence

In person by visiting a transport and motoring customer service centre.

Note: You can only replace your driver’s licence card online once in a 12-month period. If you have replaced your card online in the past 12 months, you will need to visit a Service Centre in person.  

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

Victoria 

The VicRoads website states that a driver’s licence can only be replaced if there is evidence that the licence has been used to commit fraud, and not in the circumstance when licence details are only exposed or potentially exposed in a data breach. 

VicRoads has commenced adding a secondary card number onto licences from November 2022. Applying for a new licence card will add an additional layer of protection. More information: www.vicroads.vic.gov.au/licences/licence-and-permit-types/cards-and-card-numbers

You can apply for a replacement licence through the following methods:

Online via  https://www.vicroads.vic.gov.au/licences/renew-replace-or-update/replace-your-licence-or-learner-permit 

In person by visiting a VicRoads Service Centre. 

By phoning 13 11 71

When you replace your licence, a card number will be added in addition to your licence number. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

ACT

You can apply for a new licence through the following methods:

Online by visiting www.accesscanberra.act.gov.au

In person by visiting an Access Canberra Service Centre located at Woden, Belconnen, Gungahlin and Tuggeranong.

By phone by calling 13 22 81

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

South Australia

To replace your licence card number:

Online by visiting service.sa.gov.au  

In person by visiting a Service SA centre

By phone by calling 13 10 84 

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

Tasmania

The Tasmanian Government recommends you apply for a replacement driver’s licence through a Service Tasmania Service Centre. More information on this process can be found at  https://www.service.tas.gov.au/services/transport/driver-and-rider-licences/apply-for-a-new-driver-licence-number or  by calling 1300 135 513.

Replacing your licence will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

Western Australia

You can replace your licence card:

Online via your DoTDirect account (preferred)

In person at a Driver and Vehicle Services Centre, Department of Transport regional office or agent. You will need to bring proof of your identity (original documents) if attending in person. Your current driver’s licence card is acceptable.

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

Northern Territory 

You can replace your licence card:

Online by visiting nt.gov.au/driving/licence 

By phone by calling 1300 654 628

In person by visiting an MVR office or a local participating Australia Post office

When you replace your licence, your card number will change, but your driver’s licence number will remain the same. This will protect you from attempts to use your previous licence to fraudulently verify your identity by businesses (such as banks and telecommunications companies) via the Australian Government’s Document Verification Service (DVS).

 

7) Medicare

Medicare Card Copy

A Medicare card copy belonging to you may have been exposed during the cyber incident.

If you’re concerned or you’ve been affected, the easiest way to replace your Medicare card is by using your Medicare online account through myGov.

The Services Australia website contains helpful information about the steps you can take to replace your card:

www.servicesaustralia.gov.au/databreach

If you are concerned about the security of your Medicare, Centrelink and myGov accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).

Medicare Card Number (number only, not card copy)

A Medicare card number belonging to you (not a copy of your Medicare card) may have been exposed during the cyber incident.

People can’t access your Medicare details or Medicare account with just your Medicare card number. To reassure you, unlike a scan or copy of a Medicare card, a Medicare card number by itself cannot be used as a proof of identity.

If you are concerned about the security of your Services Australia accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).