The recent cyber attacks on Optus and Medibank have exposed just how much of your personal information is out there seemingly for the taking.
Your financial info is no different. And with the increasing popularity of budgeting apps, a lot more of this information is out there.
Not only info such as your account passwords and credit card details but extensive information on your income and spending habits, investments, superannuation and more.
How can you be sure this data is safe with an app bought from the app store when it’s apparently not safe with some of Australia’s corporate giants?
Read: A class action against Optus could easily be Australia’s biggest
Fortunately, so far, most of Australia’s most popular budgeting apps, including Goodbudget, Frollo and MoneyBrilliant, have remained free of data breaches.
But that is not so for all apps. In May 2020, the MyBudget app was hit by a ransomware attack that resulted in 13,000 of its customers being unable to access their money within the app.
MyBudget’s service involves users depositing their income into an account, from which MyBudget then distributes the funds in accordance with the customer’s predetermined budget plan.
During the outage, users did not know whether automated payments they had set up had been made.
Read: Five financial apps to get your money working for you
Days later, a vague threat was posted on a cybercrime forum from a user purporting to be from a group called Mespinoza.
The group simply posted MyBudget’s name on the forum, which is often the first step in an extortion attempt. But obviously it can also be a bluff by someone wishing to take advantage of MyBudget’s outage situation.
Brett Callow, digital threat analyst for software company Emsisoft, told ABC at the time that this was a common tactic used by cybercriminals.
“The groups all have slightly different strategies when it comes to naming and shaming victims. Some start by simply naming the company while others publish a small amount of the data as proof – a bit like a kidnapper sending a pinkie finger,” he said.
Read: Why you need to review your passwords now
“Should that not convince the company to pay, they’ll publish more data, typically in instalments.
“It’s a warning shot – pay up, or we’ll start publishing.”
Ultimately, it did prove to be an empty threat, and it was confirmed that there was never any data breach. But the incident highlights how vulnerable your financial data can be with some of these apps.
It can be difficult to know which apps are secure – and which ones might be more lax.
Ajay Unni, cyber expert and founder of StickmanCyber, told The Age that when downloading an app, users should read the terms of agreement and understand how the data will be used.
“A marker of good security is if the app is compliant with ISO 27001 – a widely recognised international standard that dictates how digital information should be secured,” he says.
He also advises entering the app’s name into Google to see if any negative reviews come up and to also check reviews on the app store it was purchased from as these can often give you a good indicator of any problems.
Do you use any budgeting apps? Do you have any concerns about the app’s security? Let us know in the comments section below.
