Share this article on:
The Office of the Australian Information Commissioner (OAIC) and its New Zealand counterpart are yet to release any information regarding the investigation into 2023’s Latitude data breach.
It’s been exactly one year since the Australian and New Zealand privacy commissioners launched a first-of-its-kind joint investigation into a data breach that affected more than 6 million customers of Latitude Financial Services.
However, since then, the investigation has gone quiet, and lawyers representing a 75,000-person class action are frustrated at the lack of action or updates.
“The uncertainty is very stressful for many of our registrants,” Aimee Dartnall, a lawyer at Gordon Legal, told Cyber Daily.
“No one likes being left in limbo. Our registrants told us that they have received a large increase in spam calls and emails following the data breach, they’ve had to replace passports and driver’s licences, and some even experienced attacks on their bank accounts or have fallen into debt. Latitude customers want answers, and they want their complaints to be heard.”
Gordon Legal has made six attempts to get an update on the progress of the investigation but to no avail, leading the class action’s lawyers to believe that the system is inherently broken.
“We don’t really know what is going on at the OAIC because no one will talk to us,” Dartnall said.
“The system has to become more efficient. At the very least, it needs to tell people when they can expect to have their complaints heard. People should not have to wait years to find out whether their complaint has been accepted for further investigation.
“Our main message is, please, come and talk to us. Tell us what is going on in your office so we can give our clients meaningful updates and advise them accordingly.”
Latitude revealed that it had suffered a catastrophic data breach on 16 March 2023, initially saying that only several hundreds of thousands of customers had been affected. However, on 27 March, that figure grew significantly, with Latitude reporting more than 14 million records belonging to more than 6 million people in Australia and New Zealand had been exposed.
Latitude is facing multiple legal challenges, and the cost of the breach to the company as of May 2023 was at least $95 million.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.