Share this article on:
One of the victims of the Latitude Financial cyber attack has filed a $1 million lawsuit against the organisation, saying that the firm failed to meet a duty of care with his personal data.
Shahriar “Sean” Saffari, a former mayoral candidate in the Maitland 2021 election, was just one of the 7.9 million customers hit by the Latitude cyber attack that occurred in March, leading to customer data being posted on the dark web.
According to the case filed with the Federal Court at the beginning of the month, Saffari held a low-rate Latitude Mastercard credit card, and he is now claiming that Latitude was negligent in protecting his personal information and failed to take reasonable steps to uphold its duty of care.
Saffari is now seeking a payment of $1 million in compensation for damages caused by the attack.
If successful, the lawsuit would add to the massive price tag it already accrued from the attack. The financial organisation said it had set aside $53 million after tax in the first half of 2023, made up of a $46 million provision and additional costs incurred.
In addition, in an ASX announcement last month, the company expected a potential loss as high as $105 million as a direct result of the cyber attack.
“As a consequence of the direct impacts of the cyber attack on operations, IFRS 9 credit provisions and the provision for costs and remediation, the 1H23 statutory loss after tax from continuing operations is forecast to be in the range of $95 million to $105 million, with the full-year statutory result also expected to be a loss,” it said.
On top of the expenses it already faces, Latitude could incur more penalties as a result of the hack, with the case currently under investigation by the Office of the Australian Information Commissioner (OAIC), as well as New Zealand’s Office of the Privacy Commissioner.
The OAIC is able to enforce fines of up to $50 million per issue found.
The Latitude Financial cyber attack occurred back in March, leading to the data of 7.9 million current and former customers being stolen.
The company was contacted by hackers claiming to be behind the attack, requesting that Latitude pay a ransom for the release of the stolen data. Latitude, in line with government advice, refused to pay the ransom demands.
“Latitude Financial has received a ransom demand from the criminals behind the cyber attack on our company,” it said in April.
“Latitude will not pay a ransom. This decision is consistent with the position of the Australian government.
“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen.”