Staircase financial

Hackers breached the security of an Auckland financial services firm and stole personal information belonging to clients of the firm. The stolen information is now available on the dark web.

A darknet blog post earlier in December 2020 showed that dark web hackers appeared to be in possession of personal information held by Auckland based financial services company Staircase Financial Management.

The blog post appeared on the NetWalker blog and it had a countdown clock indicating the time left to publishing the data. The countdown timer has run down and the data was made public and is available on file sharing sites.

NetWalker is a brand of ransomware software created in by hackers in 2019. NetWalker threatens to publish the victim’s data or block access to the data unless a ransom is paid.


Staircase financial management director Kylie Turgis said:

“We are assisting the NZ Police cybercrime team to investigate the matter,”

A spokesman with the police said that the Auckland Fraud team had not yet received any complaint about hackers stealing information from Staircase Financial.

Authorities in New Zeland have warned people against paying ransoms to hackers because it will encourage more attacks in the future.

Staircase’s has been providing retirement and financial strategies to thousands of New Zealand citizens since 2001.

Staircase Financial management is not licensed by The Financial Markets Authority and is not required to notify them of any security breach by hackers.

CERT New Zeland recommended the following steps in the event of a data breach:

  • Contact the relevant business or organisation to see if the breach affects any of your accounts and if so what personal information was breached
  • Change the passwords for any accounts you think may be at risk
  • Get a free credit check done. This will let you see if any accounts have been opened in your name.
Hackers might sell it on the Dark web

It is possible that the information could be sold on dark web markets and victims might not take it seriously.