Thousands of customer IDs ransacked in Latitude cyber attack

Over 100,000 identification documents were stolen as part of the attack.

More than 103,000 identification documents, mainly driver’s licences, and around 225,000 customer records were stolen by attackers using employee login credentials, according to a Latitude Group Holdings (LGH) statement made on 16 March.

The Melbourne-based financial services provider supplies consumer finance across Australia and New Zealand, including personal loans, payment plans and other digital lending.

The ASX statement was made as part of a cyber incident report requesting a trading halt on LGH’s share price.

A Latitude spokesperson said the company detected unusual activity on its systems during the preceding days originating from a major vendor used by Latitude.

============

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of driver’s licences, were stolen from the first service provider,” the spokesperson said.

“Approximately 225,000 customer records were also stolen from the second service provider.

“Latitude apologises to the impacted customers and is taking immediate steps to contact them. Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems.

“We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.

“Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services.”