Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Latitude expects much more data was stolen in recent breach

The Latitude Financial cyber attack is set to worsen, with the company saying that it expects to uncover even more stolen data.

user icon Daniel Croft
Tue, 21 Mar 2023
Latitude expects much more data was stolen in recent breach
expand image

The financial services organisation, which is responsible for offering individuals and businesses a range of services, including digital payment services, loans, credit cards and insurance, announced on 16 March 2023 that it was the victim of a cyber attack that saw customer data stolen.

In a press release posted on 20 March 2023, the company said that to prevent additional attacks, it has taken some of its systems offline. Approximately 330,000 customers have been affected so far.

“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners,” said Latitude in its public statement to the ASX.

============
============

“We cannot restore this capability immediately, however we are working to do so gradually over the coming days and ask our customers for their continued patience. Our restoration of these services is aligned to our forensic review.”

The company has also said that it has been working alongside the Australian Cyber Security Centre (ACSC), relevant government agencies and the Australian Federal Police (AFP), the last of which has begun an investigation into the financial services organisation.

Latitude is also conducting an extensive forensic investigation into its systems in an effort to “identify the full extent of the theft of customer information as a result of the attack”.

The company expects that more stolen data will be uncovered, affecting both current and former customers, as well as non-customers.

“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” it said.

“We will provide a further update when we have more information to share.”

At the time of writing, Latitude has said that the hack has seen the data of approximately 330,000 customers and applicants stolen, with 96 per cent of that data being in the form of driver’s license copies and numbers.

This is a considerable increase from the 225,000 estimate Latitude issued only days ago when the hack was first announced.

The remaining 4 per cent was made up of copies of passports and passport numbers and Medicare numbers.

Latitude has said that from yesterday, when the press release was posted, it will begin informing affected customers directly, reiterating that it had contacted all of its customers days earlier. The breach was first announced on 16 March, with customers informed directly by the company the next day.

However, customers have been critical of Latitude’s handling and lack of communication, with many frustrated that media reports were their initial source of information on the breach rather than direct communication from the financial services company.

“Only 36 hours to receive an email that says nothing,” said one customer on Twitter.

“No clarity if credit card business is impacted or not. Great job, Latitude.”

Another customer has said that they were affected despite having closed their account.

Latitude has said that it has established contact centres across Australia and New Zealand and has engaged IDCARE services. Customers can contact IDCARE on 1800 595 160.

Latitude has been contacted by Cyber Security Connect requesting more information on the nature of the attack.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.