Sydney-based fintech platform youX has confirmed that unauthorized access to its systems led to the exposure of sensitive personal data, including more than 200,000 driver’s licence numbers.The breach affects borrowers whose information was processed through mortgage brokers and lenders using the youX platform.According to reports, the attacker claims to have exfiltrated data tied to 444,538 individuals.
Among the compromised information were 229,226 Australian driver’s licence numbers, along with names, phone numbers, email addresses, residential addresses, loan applications, and financial records.The data is believed to have come from nearly 800 broker organizations that rely on youX’s systems to manage and submit loan applications.More than 8,000 password hashes belonging to broker employees were also reportedly accessed.
The alleged threat actor has already released part of the stolen dataset online and has threatened to publish more.“Among other things, we were able to exfiltrate the personal and financial data of 444,538 unique borrowers — income, debts, government IDs, home addresses — because they trusted their finance brokers, and those brokers made the critical error of trusting youX,” the hacker said in a statement published by Drive.Security analysts warn that once data of this scale enters criminal forums, it can be reused for fraud, phishing campaigns, and identity theft.
youX confirms unauthorized access In its latest update, youX acknowledged the breach and confirmed that personal information may have been compromised.“We are now aware that a threat actor has released data that it claims to have obtained as part of its unauthorised access,” the company said in a statement.“As a result, we have identified that personal information may have been compromised.” “In accordance with our legal obligations, we have kept the Office of the Australian Information Commissioner (OAIC) informed throughout this matter,” the company added.
youX said it has implemented additional security controls, enhanced monitoring, and engaged external cybersecurity experts to investigate the incident.It also confirmed that affected individuals will be notified in line with regulatory requirements.What can Australians do? Driver’s licence numbers are considered high-value identifiers in Australia.
They are often used to verify identity when opening bank accounts, applying for loans, or accessing government services.Authorities and experts are advising Australians who have recently applied for loans or used finance brokers to: Contact lenders to confirm whether they use youX.Change passwords on financial and online accounts.
Enable multi-factor authentication.Monitor bank accounts and credit activity.Australians in all states and territories can also request a new driver’s licence card number as a precaution.
The investigation is ongoing, and youX says it will provide further updates as more information becomes available.Also read: The Conduent ransomware breach shows how quickly breach counts can balloon as investigations widen.Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered every Monday, Tuesday and Thursday Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.Delivered every Monday, Tuesday and Thursday
Read More
