🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇳🇿 NZ › Finance
Finance sector · leaderboard
Own the Finance leaderboard
The top banner across the Finance overview and every Finance record — one advertiser, exclusively.
Own this leaderboard → breach@govern.co.nz

Squirrel

🇳🇿 New Zealand · Squirrel Group (Squirrel Mortgages & Investments) · Record NZ-2024-0072
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
600 (approx)
Breach date
2024-07
Regulator
none reported
Trust tier
B · Reported

Data exposed

Name, date of birth, and passport or driver-licence ID numbers (held by a third-party ID-verification onboarding system) Company-confirmed

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In July 2024 the mortgage broker and peer-to-peer lender Squirrel disclosed a security incident exposing the details of up to 600 investors — names, dates of birth, and passport or driver-licence ID numbers retained by a third-party identity-verification system used in onboarding [sq-rnz], [sq-zb]. Squirrel said no account or financial data was exposed.

Current status

Disclosed. Squirrel notified affected investors; an overseas attacker was suspected [sq-zb]. The figure of up to 600 is the company’s own.

Why it matters

Identity numbers are exactly what enables impersonation fraud, and the incident shows how a third-party onboarding tool can become the exposure point rather than a lender’s own systems.

GGOVERN Tabletop Exercises · Govern house Rehearse the breach before it reaches the balance sheet. Book a Discovery Call →