Australian mortgage broker Keylend has disclosed a data breach incident in which unauthorised access led to phishing emails being sent to third parties.
Keylend is a major Australian mortgage broking and finance organisation with over 25 years of experience. The company is a full member of the Mortgage and Finance Association of Australia (MFAA) and is recognised as a Top 25 Brokerage, with a loan book of over $3.5 billion.
On 23 April, Keylend told customers and contacts that a phishing incident may have originated from one of its accounts earlier that day.
“If you received an email from this address, please do not click on any links or download any attachments from this email. If you have already interacted with the email, please contact your IT support provider, and let us know,” the initial email said.
“Upon becoming aware of this potentially malicious email, we have immediately secured this email account to prevent any further emails being sent, and are thoroughly assessing and investigating this incident, supported by external advisors, to ensure that we meet all of our regulatory obligations.”
The company then provided an update in June, saying that the incident occurred after an unauthorised third party gained access to a single user’s email and Keylend account.
“Upon becoming aware of this on 23 April 2026, Keylend immediately contained the incident and removed the access of the unauthorised third party and commenced an investigation into the incident,” the email said.
“The incident [was] also reported to the Office of the Australian Information Commissioner and the Australian Securities and Investments Commission around that time.”
In a statement on its website, Keylend added that an investigation has been launched, but that additional emails may have been sent using its Mailbox.
“Keylend also considers that a copy of the Mailbox content may have been copied by the unauthorised third party, and so is undertaking a full review of the mailbox content so that notifications can be made to any and all affected individuals at risk of serious harm,” the statement said.
Keylend is also currently monitoring the dark web for any stolen data, but has yet to find any evidence of data being posted or leaked. It does, however, say that the Mailbox contact details used for the phishing emails were compromised due to the nature of the incident.
Cyber Daily has not yet observed any claims of responsibility for the incident by threat actors and will continue to monitor the situation.
Daniel Croft
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
























