Australian Retail Third-Party Breach, 15 April 2023

Coles confirms its customers impacted by Latitude Financial data breach

Coles says it has not been informed of how many of its customers have been impacted, the data dates back as far as 2005

Company Statement: Latitude Cyber Response
Source: Coles confirms its customers impacted by Latitude Financial data breach | ABC News (Australia)

View more incidents from Retail sector and other reports relating to Coles.

Original Latitude Breah Report: Australian Financial Cyber Attack, 16 March 2023: Updated: Latitude Financial hit by cyber attack, 14 million customers documents stolen. The company says the personal information was taken from two service providers after hackers gained access to Latitude’s staff login details.

 
Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying personal information used to issue historical Coles-branded credit cards has been stolen by a cyber criminal group.

The non-bank lender told the ASX it had detected unusual activity on its systems “over the last few days” that “appears to be a sophisticated and malicious cyber attack”.

The information stolen includes:
• 103,000 identity documents — with 97 per cent of those being copies of drivers’ licences from one provider
• 225,000 customer records from the second service provider.

Latitude provides buy now, pay later (BNPL) schemes to a number of major Australian retailers, including Harvey Norman, JB Hi-Fi, David Jones and The Good Guys.

Latitude has 2.8 million current customers. It could not tell ABC News whether the hack concerned only their data or potentially former customers too.

Cyber Security and Home Affairs minister Clare O’Neil said Latitude was cooperating with the Australian Cyber Security Centre (ACSC) and regulators “to minimise the damage resulting from this incident”.

On March 27, the LAtitude confirmed that criminals had stolen 14 million customer records, with a large portion dating back to 2005.

Personal information included drivers’ licence numbers, names, addresses and dates of birth that were compromised in the breach, along with thousands of passport numbers.

In a statement on Saturday afternoon, Coles confirmed it has been informed by Latitude that its credit card offering had been impacted by the breach, but has not said how many customers have been impacted.

A spokesperson for Latitude Financial has confirmed that historical Coles credit card owners have been impacted by the data breach, and is in the process of contacting affected customers.

“We are disappointed that this cyber incident has taken place and apologise for the inconvenience and uncertainty created,” a Coles spokesperson said.

Coles moved its financial services to Citibank, which is owned by NAB, in 2018.