Keylend Investigates Phishing Incident After Unauthorized Email Access
Australian mortgage broking firm Keylend, a Top 25 brokerage with a $3.5 billion loan book, disclosed a phishing incident on 23 April 2026 after an unauthorized third party gained access to a single employee’s email account. The company, a full member of the Mortgage and Finance Association of Australia (MFAA), immediately secured the compromised account and launched an investigation with external advisors.
In an initial alert, Keylend warned recipients of the suspicious email to avoid clicking links or downloading attachments and to report any interactions to IT support. A June update confirmed that the attacker had accessed the account, potentially copying mailbox contents, including contact details used in the phishing campaign. While no evidence of stolen data has appeared on the dark web, Keylend is conducting a full review to identify affected individuals at risk of serious harm.
The incident was reported to Australia’s Office of the Australian Information Commissioner (OAIC) and the Australian Securities and Investments Commission (ASIC). Keylend continues to monitor for further exposure but has not attributed the attack to any known threat actor. The investigation remains ongoing.
Keylend cybersecurity rating report: https://www.rankiteo.com/company/keylend
"id": "KEY1781583821",
"linkid": "keylend",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Finance',
'location': 'Australia',
'name': 'Keylend',
'size': 'Top 25 brokerage with a $3.5 billion loan '
'book',
'type': 'Mortgage broking firm'}],
'attack_vector': 'Email',
'customer_advisories': 'Warned recipients to avoid clicking links or '
'downloading attachments and to report interactions to '
'IT support',
'data_breach': {'data_exfiltration': 'Potentially copied',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally identifiable information',
'type_of_data_compromised': 'Contact details, mailbox '
'contents'},
'date_detected': '2026-04-23',
'date_publicly_disclosed': '2026-04-23',
'description': 'Australian mortgage broking firm Keylend disclosed a phishing '
'incident after an unauthorized third party gained access to a '
'single employee’s email account. The company secured the '
'compromised account and launched an investigation with '
'external advisors. The attacker potentially copied mailbox '
'contents, including contact details used in the phishing '
'campaign.',
'impact': {'data_compromised': 'Mailbox contents, including contact details',
'identity_theft_risk': 'Potential risk to affected individuals',
'systems_affected': 'Single employee email account'},
'initial_access_broker': {'data_sold_on_dark_web': 'No evidence of stolen '
'data on the dark web'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Keylend initial alert and June update'}],
'regulatory_compliance': {'regulatory_notifications': ['Office of the '
'Australian '
'Information '
'Commissioner (OAIC)',
'Australian Securities '
'and Investments '
'Commission (ASIC)']},
'response': {'communication_strategy': 'Warned recipients to avoid clicking '
'links or downloading attachments and '
'to report interactions to IT support',
'containment_measures': 'Secured the compromised email account',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'External advisors'},
'title': 'Keylend Phishing Incident',
'type': 'Phishing'}