Dark Web News Analysis
Dark web monitoring has surfaced a significant data privacy incident involving Synkli, an Australian accounting software provider. A threat actor on a hacker forum is advertising a leaked database containing sensitive client information that impacts both businesses and individuals using Synkli’s services.
The compromised dataset is extensive and highly sensitive. It reportedly encompasses Personally Identifiable Information (PII) including Full Names, Email Addresses, Phone Numbers, and critically, Tax File Numbers (TFNs). Furthermore, the leak contains Business IDs, Australian Business Numbers (ABNs), Client Reference Numbers, Onboarding Data, and Financial Records. This breadth of data suggests a deep compromise of the platform’s core client management system.
Key Cybersecurity Insights
Breaches of accounting software are “Tier 1” financial threats because they expose the fiscal identity of both businesses and their employees:
- Tax Fraud & TFN Exposure: The exposure of Tax File Numbers (TFNs) is the most severe aspect for Australian individuals. TFNs are lifelong identifiers used by the Australian Taxation Office (ATO). Attackers can use leaked TFNs combined with Names and DOBs to file fraudulent tax returns, claim refunds in the victim’s name, or commit employment fraud.
- Corporate Identity Theft (ABN Fraud): With ABNs and Business IDs, attackers can impersonate legitimate businesses. They can apply for credit, order goods on net-30 terms, or issue fraudulent invoices to the company’s clients, damaging the victim’s credit rating and reputation.
- Supply Chain Attack Vector: Synkli serves accountants who manage finances for other businesses. A breach here is a Supply Chain Attack. Attackers can use the Client Reference Numbers and Onboarding Data to craft highly credible phishing emails to Synkli’s accounting partners, potentially gaining access to the financial systems of hundreds of downstream small businesses.
- Document Management Risk: The leak includes “Document Management Data,” which likely contains scanned passports, driver’s licenses, or trust deeds used for client verification. This provides attackers with the “100 points of ID” needed to bypass almost any identity check in Australia.
Mitigation Strategies
To protect financial integrity and client data, the following strategies are recommended:
- ATO Notification: Affected individuals should immediately contact the Australian Taxation Office (ATO) Client Identity Support Centre to flag their TFN for suspicious activity.
- Client Communication: Synkli must proactively notify all accounting firms and end-clients. Transparency is vital so businesses can watch for unauthorized changes to their ABN details on the Australian Business Register (ABR).
- MFA Enforcement: Accounting firms using Synkli should enforce strict Multi-Factor Authentication (MFA) on their accounts and rotate all API keys connected to the platform.
- Scam Alert: Businesses should be warned to verify any “change of bank details” emails from their accountants or Synkli, as attackers may use the leaked data to intercept payments.
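The “change of bank details” check from the Scam Alert item can be partly automated before a payment is released. The sketch below is an added example, not code from Synkli or Brinztech; the payee record, domains, reference number, BSB and account values are constructed, and the function name is hypothetical.

```python
import re
from email.utils import parseaddr

# Constructed payee record (hypothetical): details captured at onboarding,
# changed only after a call-back to a phone number already on file.
PAYEES = {
    "Example Accounting Pty Ltd": {
        "domain": "example-accounting.example",
        "bsb": "123456",
        "account": "12345678",
    },
}

BSB_RE = re.compile(r"\bBSB\b\D{0,10}(\d{3})[- ]?(\d{3})\b", re.I)
ACCT_RE = re.compile(r"\bacc(?:ount|t)\b\D{0,20}(\d{6,9})\b", re.I)
CHANGE_RE = re.compile(
    r"\b(?:new|updated?|changed?)\b.{0,30}\b(?:bank|account|payment)\b", re.I | re.S)


def review_payment_email(payee, from_header, body):
    """Return reasons to hold a payment; an empty list means the email
    matches the record. Reference numbers in the body are deliberately
    ignored: leaked ones prove nothing about the sender."""
    record = PAYEES[payee]
    reasons = []
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain != record["domain"]:
        reasons.append("sender-domain-mismatch")
    if CHANGE_RE.search(body):
        reasons.append("mentions-changed-details")
    bsbs = {a + b for a, b in BSB_RE.findall(body)}
    accounts = set(ACCT_RE.findall(body))
    if bsbs - {record["bsb"]} or accounts - {record["account"]}:
        reasons.append("bank-details-differ-from-record")
    return reasons


# Constructed sample messages.
LOOKALIKE = ('"Example Accounting" <accounts@example-accounting-au.example>',
             "Re client ref CR-0000: please use our updated bank details. "
             "BSB: 654-321 Account number: 87654321")
ROUTINE = ("accounts@example-accounting.example",
           "Invoice attached. Pay to BSB 123-456, Account 12345678 as usual.")

if __name__ == "__main__":
    for sender, body in (LOOKALIKE, ROUTINE):
        print(sender, "->", review_payment_email("Example Accounting Pty Ltd", sender, body) or "ok")
```

Any non-empty result should route the payment to manual call-back verification; a message from the genuine domain is still held when its bank details differ, which covers a compromised mailbox.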
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com