Cybersecurity incident which requires your attention

Dear Frontier Financial Group and former Carrington Financial Services clients,

Your privacy and the security of your personal information is a primary concern for us. As such, we have posted this announcement on our website to notify you of a cyber incident that occurred within Frontier Financial Group during which some clients’ personal data may have been compromised. We have been taking steps to contact affected clients to inform them of what we have done to protect their personal information and to provide guidance about how they can further protect themselves.

You may be aware Carrington Financial Services (Carrington) was sold to Frontier Financial Group (Frontier) in July 2016. As a result, Frontier Financial Group retained personal information relating to those Carrington clients.

Please see below a summary of what has occurred, what we are doing to remediate this incident and steps that you can take to help protect your personal information.

Background

• On 16^th April 2018, Frontier noticed that certain data had been deleted from its server. At the time this was suspected to be a malfunction and so the data was restored from a backup and steps taken to investigate the cause of the deletion. This server contained information, including client names, addresses, account numbers, transaction details, identification documents and, in some instances, health information.
• In May 2018, some clients informed us of unauthorised use of their personal information.
• Since that time we have been making attempts to contacting clients directly to notify them of this data breach and to assist them to protect their personal information.
• Our investigation has confirmed that the breach was caused by an external brute force attack on the Frontier Financial Group network server.

What we are doing:

• Upon identifying the unauthorised access, we have added additional layers of security to our network.
• We are working with forensic experts to ensure the breach has been contained.
• We are arranging credit monitoring services to help protect your identity details from potential fraud using stolen data.
• We are notifying the Australian Tax Office (ATO) about the potential compromise of tax file numbers to prevent any misuse.
• To minimise the risk, and prevent fraud on your financial accounts, we are deploying enhanced reporting and ongoing monitoring of those clients that we have identified as having ANZ bank accounts to ensure these are protected. For details on managing your accounts with other financial service providers, please refer to the below Fact Sheet.

What you can do:

While we have put measures in place to assist in protecting your identity, we strongly advise you to consider the steps below to further protect yourself.

Remain vigilant and, as a precautionary measure, review account (including debit and credit card accounts) statements and communication from financial institutions to determine if there are any discrepancies or unusual activity listed. If you see any unusual transactions, contact your bank, credit card provider or other financial institution immediately.

Signs that your information may have been compromised include:

• You start receiving bills, credit cards, loan statements or calls from creditors you know nothing about.
• You have difficulty obtaining a credit card or a loan because of an inexplicably bad credit rating.
• The amount of mail you receive is decreasing, which may indicate that items are being stolen or your mail is being redirected somewhere else.

Where you believe your identity has been compromised, you should immediately:

• Report it to the police - Ask for a copy of the police report as banks and financial institutions will want to see it.
• Contact your bank or financial institution - Tell your bank, credit provider, or the relevant company, what has happened. If any accounts have been opened with your stolen details, ask for them to be closed or cancelled. You may need to ask them to set up new accounts and PINs.
• Inform the relevant government agency or business – where identification documents such as your driver's licence, passport, citizenship papers, Medicare card, birth, marriage/change of name certificates, tax file number, superannuation or pension details have been stolen, let the relevant agency know.

Additional information can be found on the attached Fact Sheet or from the ASIC MoneySmart website at https://www.moneysmart.gov.au/scams/other-scams/identity-fraud. We would like to assure you that all possible steps are being taken to rectify this incident and mitigate any effect on you. I sincerely apologise for any inconvenience and concern this cyber incident may have caused.

If you have any concerns at all please contact us on (03) 9671 4550.

Frontier Financial Group values your privacy and your ongoing support of our business.

Yours sincerely

Richard McLean

Director|Frontier Financial Group