Ask Paul: My lender had a data breach but I can't afford to leave
Hi Paul,
My mortgage lender (Firstmac) had a cyber incident that compromised my personal details including name, address, date of birth, driver licence and other third-party banking details.
I was only advised one month later after first hearing about it in the media.
I'm very disappointed with their handling of this incident, their advice on how to be cyber safe (this felt ironic) and their delay in notifying me after my data was compromised.
I've contacted them since, but they can't offer me much other than a year's subscription to a credit agency. I don't feel there is any compensation for their negligence.
I suffered a similar fate with Optus and received some compensation in the form of free services for a limited time.
But, ultimately, I left them because I felt I could no longer trust them. And this wasn't difficult.
Unfortunately, with a mortgage it's not that easy. I'm at the limits of my loan serviceability, so I don't think I could move to another lender.
My understanding is that if I approach another lender and get knocked back, this negatively impacts my credit rating. I feel trapped and stuck in a bad relationship. Can you suggest some options, please? - Ed
Technology has moved us and crooks, very rapidly, into a new world, Ed.
Crooks used to be easier to spot, often being people with balaclavas and guns holding up a bank. Now they live behind computer screens, at times in countries I know little about.
One way or another, most of us have had some impact from cyber crime.
Apart from a deluge of scam emails and text messages, mine happened when Telstra decided to pass on a replacement password to a crook who had nothing but part of my email address, without any security checks.
In your case, I am pleased to read that at this stage you have not suffered any financial loss due to identity fraud.
Regarding your rights to compensation, I have zero expertise in this area, so I had a chat with some cyber folk and also ploughed through various cybercrime reports. My conclusion is not helpful to you.
It seems to me that as individuals we have little power, in particular if no direct financial loss occurred.
One obvious thought is that if there was a class action against your mortgage provider, you would join that.
It seems to me the offer of a year's subscription to a credit agency is something you should take up. Ensuring your details are not being used to take out a loan is one form of protection from a data breach.
Otherwise, I do get your point regarding your ability to switch lenders when you are at the limits of loan serviceability. If you were to formally apply for credit, and it was rejected, this would be noted on your credit report.
More broadly, I am always keen for borrowers to ensure they are on the best rate.
You could certainly make informal enquiries; a mortgage broker could be valuable here. They would let you know if you were likely to be approved before lodging an application.
Personally, I'd only be changing to get a better deal. Sadly, in this day and age, a lender you move to may well be the next victim of a data breach.
My response to the prevalence of data fraud is to keep a close watch on my bank accounts, credit cards and credit report through a credit agency, and, of course, taking great care with passwords and two-factor authentication.
Get stories like this in our newsletters.