Incident: Updated – Latitude Financial hit by cyber attack, more than 300,000 identity documents stolen | ABC News (Australia)
Australian Financial Cyber Attack, 16 March 2023
Updated: Latitude Financial hit by cyber attack, 14 million customers more than 300,000 identity documents stolen
The company says the personal information was taken from two service providers after hackers gained access to Latitude’s staff login details
Company Statement: Latitude Cyber Response
Source: Latitude Financial hit by cyber attack, more than 300,000 identity documents stolen | ABC News (Australia)
View more incidents from Banking and Finance sector.
Updated Report 16 April
Roughly 14 million customer records stolen from Latitude Financial could be posted to the dark web after the personal finance company refused to pay a ransom request demanded by the group behind last month’s cyber attack.
Latitude Financial is still investigating the breach and has been steadily emailing customers letting them know their personal details have been compromised.
But people who believe they were never a Latitude customer are also receiving emails from the company, saying their personal details have been affected.
Because some of the data that was stolen from Latitude Financial dates back to 2005 — meaning customers of GE Money between 2005 and 2015 have been affected by the breach.
Latitude Financial told the ASX on March 27 that only 40 per cent of the 7.9 million drivers licence numbers that were stolen were from the past decade — meaning 60 per cent, or around 4.7 million, pre-dated 2013.
Initial Report 16 March
Latitude Financial is responding to a cyber-attack that has resulted in the theft of personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand. The company that issues consumer loans and runs a buy now, pay later scheme used by major retailers — has revealed hackers have stolen the personal information of more than 300,000 customers, including drivers licences.
The non-bank lender told the ASX it had detected unusual activity on its systems “over the last few days” that “appears to be a sophisticated and malicious cyber attack”.
- The information stolen includes:
- 103,000 identity documents — with 97 per cent of those being copies of drivers’ licences from one provider
- 225,000 customer records from the second service provider.
Latitude provides buy now, pay later (BNPL) schemes to a number of major Australian retailers, including Harvey Norman, JB Hi-Fi, David Jones and The Good Guys.
Latitude has 2.8 million current customers. It could not tell ABC News whether the hack concerned only their data or potentially former customers too.
Cyber Security and Home Affairs minister Clare O’Neil said Latitude was cooperating with the Australian Cyber Security Centre (ACSC) and regulators “to minimise the damage resulting from this incident”.
GE Capital Finance had a partnership with Coles Group to offer branded credit cards for Coles and Myer — a relationship that was formed when Coles Myer sold its credit card business to GE Capital back in 1995.
