🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Finance
Advertising
Your brand, in front of the right people
Run-of-site leaderboard — every ad-supported page across the register.
Enquire → breach@govern.co.nz

Finsure

🇦🇺 Sydney, NSW · Finsure Group (Finsure Finance & Insurance Pty Ltd) · Record AU-2024-0311
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2024-10
Regulator
none
Trust tier
B · Reported

Data exposed

Names, email addresses, phone numbers and physical addresses Company-confirmed

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In late 2024 the mortgage aggregator Finsure disclosed a cyber incident affecting customers and brokers. The exposure occurred on a third-party platform — the ActivePipe email-marketing service — rather than on Finsure’s own systems [fin-adviser]. Finsure said the compromised data was limited to names, email addresses, phone numbers and physical addresses, and that no credit-card details, identity documents, passwords or financial information were involved [fin-adviser].

Timeline

  • 2024-10 — Incident occurred on the third-party ActivePipe platform [fin-hibp].
  • 2024-11 — Finsure publicly confirmed the incident and notified affected people [fin-adviser].

Current status

Disclosed. The number of people affected is contested and no official figure has been confirmed. Have I Been Pwned indexed roughly 296,000 email addresses attributed to the incident, while the platform provider disputed that scale [fin-hibp], [fin-adviser]. Because there is no regulator-verified count, no figure is asserted here.

Why it matters

Even a “contact details only” breach at a mortgage aggregator is useful to fraudsters for targeted phishing, and it shows how a supplier’s marketing platform can become the weak link that exposes a financial firm’s customers.

GGOVERN Tabletop Exercises · Govern house Rehearse the breach before it reaches the balance sheet. Book a Discovery Call →