Some current and former customers of Brisbane-based non-bank home lender Firstmac were notified this afternoon that some of their details had been compromised in a "cyber incident".
Firstmac said that as soon as the incident was detected, they took steps to secure their systems, and engaged cyber security experts.
"Unfortunately, our investigation has identified that an unauthorised third party has accessed some customer information," they said.
There was no evidence that Firstmac accounts had been impacted, and all customers' funds were still secure, the company said.
Customers were told that data including their names, home addresses, phone numbers, and dates of birth had been breached.
Passport numbers, medicare numbers and driver's license numbers were also impacted for some customers.
External bank account information, limited to just BSBs and account numbers, was compromised.
Firstmac told customers they had engaged IDCare, a national identity and cyber support community service, that will be available for free.
"We remain committed to protecting the personal information of our customers, and we sincerely apologise for any concern this update may cause," Firstmac said in a statement.
Firstmac advertises itself as one of the largest non-banking lenders in the country and claims to be the 12th largest home lender in Australia.
It is not yet clear how many customers were affected by the breach.