Share this article on:
Financial services company Latitude has announced via the Australian Securities Exchange that its mid-March data breach was far larger than originally reported.
The company revealed on 16 March that 225,000 customer records were affected by the hack. However, the number of records exposed by the as-yet-unidentified threat actor is now expected to hit 14 million following an updated release to the ASX.
A wide range of customer data has been affected.
Latitude has promised to reimburse customers who have had their ID documents stolen and is offering hardship support for customers in a “uniquely vulnerable position”. It has also employed the services of cyber incident specialists IDCARE.
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” said Ahmed Fahour, Latitude Financial’s chief executive, in an ASX announcement.
“We are also committed to a full review of what has occurred. We urge all our customers to be vigilant and on the lookout for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords.
“We continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days.
“We thank customers and merchant partners for their support and patience. Customers can continue to make transactions on their Latitude credit card.”
Affected customers can learn more about the incident on Latitude’s dedicated help page.
Minister for Cyber Security Claire O'Neil has said that the the National Coordination Mechanism has been working with Latitude Financial on the breach since March 16.
"The NCM has met five times in relation to the Latitude incident, and we have established two NCM working groups to address specific issues relating to the Financial Sector, and Identity Security and Services.
"It remains our position that no customer should bear the cost of a data breach and we are working with Latitude Financial to ensure that the customers affected by this attack are protected from immediate and future risks."
We have contacted Latitude Financial to ascertain in more detail the nature of the support it is offering for its more vulnerable customers.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.