Select Page

Incident: Coles confirms its customers impacted by Latitude Financial data breach | ABC News (Australia)

Incident: Coles confirms its customers impacted by Latitude Financial data breach | ABC News (Australia)

Australian Retail Third-Party Breach, 15 April 2023

Coles confirms its customers impacted by Latitude Financial data breach

Coles says it has not been informed of how many of its customers have been impacted, the data dates back as far as 2005

Company Statement: Latitude Cyber Response
Source: Coles confirms its customers impacted by Latitude Financial data breach | ABC News (Australia)

View more incidents from Retail sector and other reports relating to Coles.

Original Latitude Breah Report: Australian Financial Cyber Attack, 16 March 2023: Updated: Latitude Financial hit by cyber attack, 14 million customers documents stolen. The company says the personal information was taken from two service providers after hackers gained access to Latitude’s staff login details.

YouTube player

 
Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying personal information used to issue historical Coles-branded credit cards has been stolen by a cyber criminal group.

The non-bank lender told the ASX it had detected unusual activity on its systems “over the last few days” that “appears to be a sophisticated and malicious cyber attack”.

    The information stolen includes:

  • 103,000 identity documents — with 97 per cent of those being copies of drivers’ licences from one provider
  • 225,000 customer records from the second service provider.

Latitude provides buy now, pay later (BNPL) schemes to a number of major Australian retailers, including Harvey Norman, JB Hi-Fi, David Jones and The Good Guys.

Latitude has 2.8 million current customers. It could not tell ABC News whether the hack concerned only their data or potentially former customers too.

Cyber Security and Home Affairs minister Clare O’Neil said Latitude was cooperating with the Australian Cyber Security Centre (ACSC) and regulators “to minimise the damage resulting from this incident”.

On March 27, the LAtitude confirmed that criminals had stolen 14 million customer records, with a large portion dating back to 2005.

Personal information included drivers’ licence numbers, names, addresses and dates of birth that were compromised in the breach, along with thousands of passport numbers.

In a statement on Saturday afternoon, Coles confirmed it has been informed by Latitude that its credit card offering had been impacted by the breach, but has not said how many customers have been impacted.

A spokesperson for Latitude Financial has confirmed that historical Coles credit card owners have been impacted by the data breach, and is in the process of contacting affected customers.

“We are disappointed that this cyber incident has taken place and apologise for the inconvenience and uncertainty created,” a Coles spokesperson said.

Coles moved its financial services to Citibank, which is owned by NAB, in 2018.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Unfolding in real time: Artificial intelligence is reshaping cybersecurity

Key takeaways The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language … [...]

NSW Government Bulletin: Managing employee social media content in the public sector

Over recent years, the increase in social media activity across different platforms has facilitated opportunities for employees to comment on a broad … [...]

Australia: Pixel Perfect – The regulator addresses use of tracking pixels

On 11 June 2026, the Office of the Australian Information Commissioner (OAIC) published two determinations against Medmate Australia Pty Ltd (Medmate) … [...]

Discover how modern corporate investigations are shifting from email to chat and encrypted apps. Learn essential strategies for defensible forensic… [...]

Australian Cyber Aware - As It Was 2606 - June 2026

This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during … [...]

Key Trends in Cyber Security and Data Privacy (2026): a General Counsel lens - Governance Institute of Australia

Cyber security and data privacy are now core governance tests – demanding clear decision-making authority, disciplined escalation and evidence that … [...]

OAIC ordered to turn over Amex privacy determination in full

Australia’s privacy watchdog has been told to turn over full details of an investigation into American Express that uncovered security and access … [...]

How to stay cyber secure: Australia’s top cyber agency releases Privileged User Training video series

The new training series offers a pathway for IT professionals to strengthen their cyber security skills and better understand cyber criminal … [...]

NSW Rural Fire Service admits security incident

The NSW Rural Fire Service (RFS) is investigating a cybersecurity incident after a hacker gained access to its information and communications … [...]

Scams surge as cybercrime falls

Cybercrime declined in Australia last year, but fraud and scams bucked the trend and victims have given up complaining, the Australian Institute of … [...]

Generation Life confirms customers impacted in April cyber incident

Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • … [...]

In wake of KPMG scandal, government considers splitting accounting firms' auditing and consulting arms

Accounting firms could be asked to split their lucrative consulting services from their audit functions and individual firm partners could face far … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading