Squirrel peer-to-peer lending reports data breach exposing 600 customers

Squirrel, a company specializing in peer-to-peer lending, investing, and mortgage brokering services, reported a data breach affecting customers who signed up between June 20 and July 20 2024.

Based on their investigation, Squirrel is "99.9%" certain that an overseas actor or actors were responsible for the breach. No ransom demand was received, and Squirrel's direct systems were not compromised. The breach occurred through a third-party system used for anti-money laundering (AML) and know your customer (KYC) verification. Up to 600 customers have been the target of a cyber attack.

Exposed data includes

• Driver’s license number
• Expiry date
• Version number
• Name
• Address details if printed on the license

Squirrel is reimbursing affected customers who wish to replace their driver's license or passport, ensuring that photos on these documents were not stolen. The Office of the Privacy Commissioner has been informed, and Squirrel has taken steps to close the exploited vulnerability and prevent future incidents.