iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Latitude Financial cyber attack is set to worsen, with the company saying that it expects to uncover even more stolen data.
The financial services organisation, which is responsible for offering individuals and businesses a range of services, including digital payment services, loans, credit cards and insurance, announced on 16 March 2023 that it was the victim of a cyber attack that saw customer data stolen.
In a press release posted on 20 March 2023, the company said that to prevent additional attacks, it has taken some of its systems offline. Approximately 330,000 customers have been affected so far.
“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners,” said Latitude in its public statement to the ASX.
“We cannot restore this capability immediately, however we are working to do so gradually over the coming days and ask our customers for their continued patience. Our restoration of these services is aligned to our forensic review.”
The company has also said that it has been working alongside the Australian Cyber Security Centre (ACSC), relevant government agencies and the Australian Federal Police (AFP), the last of which has begun an investigation into the financial services organisation.
Latitude is also conducting an extensive forensic investigation into its systems in an effort to “identify the full extent of the theft of customer information as a result of the attack”.
The company expects that more stolen data will be uncovered, affecting both current and former customers, as well as non-customers.
“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” it said.
“We will provide a further update when we have more information to share.”
At the time of writing, Latitude has said that the hack has seen the data of approximately 330,000 customers and applicants stolen, with 96 per cent of that data being in the form of driver’s license copies and numbers.
This is a considerable increase from the 225,000 estimate Latitude issued only days ago when the hack was first announced.
The remaining 4 per cent was made up of copies of passports and passport numbers and Medicare numbers.
Latitude has said that from yesterday, when the press release was posted, it will begin informing affected customers directly, reiterating that it had contacted all of its customers days earlier. The breach was first announced on 16 March, with customers informed directly by the company the next day.
However, customers have been critical of Latitude’s handling and lack of communication, with many frustrated that media reports were their initial source of information on the breach rather than direct communication from the financial services company.
“Only 36 hours to receive an email that says nothing,” said one customer on Twitter.
“No clarity if credit card business is impacted or not. Great job, Latitude.”
Only 36 hours to receive an email that says nothing. No clarity if credit card business is impacted or not. Great job, Latitude. pic.twitter.com/YUkLX85UiY
— Sharon H (@TrixieBelden_) March 17, 2023
Another customer has said that they were affected despite having closed their account.
So despite having closed my @latitude_fs account, the hack still got my licence and personal details ?
— Big Rig Baxy (@Baxy1080) March 20, 2023
Latitude has said that it has established contact centres across Australia and New Zealand and has engaged IDCARE services. Customers can contact IDCARE on 1800 595 160.
Latitude has been contacted by Cyber Security Connect requesting more information on the nature of the attack.
Be the first to hear the latest developments in the cyber industry.
