Clients of a major Australian personal finance company, Latitude Financial, have detailed how they have been attacked by hackers, as the company admits to losing the personal information of more than 300,000 clients in a massive cyberattack.
On Thursday, digital payments and lending firm Latitude Group Holdings Ltd revealed that a hacker had stolen the personal information of up to 328,000 customers, in one of the biggest data breaches this year.
Latitude, the company behind Latitude 28° Mastercards and the Buy Now, Pay Later LatitudePay service, has halted business after a hacker stole personal information held by two service providers using an employee’s login credentials.
Brisbane woman Tanya Moran told Daily Mail Australia that the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre barrage of text messages in the middle of the night.
Brisbane woman Tanya Moran said the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre text message barrage in the middle of the night (pictured)
Ms Moran said her mother became wary when she received a series of text messages from Latitude at 1:45 am containing verification codes for purchases she had not made.
Ms. Moran said that Sharron then received strange phone calls around 3:45 a.m. Thursday morning.
‘We verified the number that was from the scammers. So they seemed to have had access to all of their information,” he said.
We think they were trying to get the verification codes.
Ms. Moran and her mother logged into Sharron’s account around 7:30 am and saw ‘$300 in fraudulent charges’ on the Latitude 28° Global Platinum Mastercard.
“We couldn’t block the card or do anything without talking to Lattitude, but their phones were affected, so we’ve been waiting,” he said.
Ms Moran said her mother was ‘hot’ with scammers but feared others had ‘fallen for it’.
Latitude Financial said it had “experienced a data breach as a result of what appears to be a sophisticated and malicious cyberattack.”
Latitude sent an email to some customers alerting them that their “personal information” had been stolen.
The email read: ‘We are writing directly to inform you of a recent cyberattack to which Latitude Financial is actively responding. Unfortunately, the attack resulted in the theft of some customer data.
“The attacker appears to have stolen personal information from two Latitude service providers, affecting customers in Australia and New Zealand.”
The company then emphasized that most of the stolen data was identification documents, almost solely copies of customers’ driver’s licenses.
“As of today, we understand that approximately 103,000 identification documents, more than 97% of which are copies of driver’s licenses, were stolen from a service provider.”
‘Approximately 225,000 customer records were stolen from a second service provider.’
“Latitude apologizes to its customers, particularly those who have been affected.”
“Rest assured, we will contact you directly if your personal information has been disclosed.”
“We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack.”
Some customers received an email from Latitude informing them that their “personal information” had been stolen, but stressed that most of the data was copies of driver’s licenses (pictured)
A Latitude customer noticed a strange transaction in his account Tuesday night
Another Latitude customer said he noticed a strange transaction on his Latitude 28° card Tuesday night.
‘I called 911 after hours to block my card. The call center has been closed ever since,” they said.
The transaction was for $1515.95 for a business called ‘Meta Store’.
The customer said he understood Meta to be Facebook’s parent company and suggested the hacker might have used his card to “pay for ads.”
The customer said he was surprised why he was not asked for a verification code for a transaction of that size, as was “normal for online purchases.”
In a statement to Daily Mail Australia, Latitude Financial said it had “experienced a data breach as a result of what appears to be a sophisticated and malicious cyberattack.”
We alerted the relevant authorities and engaged cybersecurity specialists as we continue to do everything in our power to contain the breach, including isolating and removing access to some internal and customer-facing systems.
Latitude customers expressed frustration at what many described as poor customer service following the announcement of the cyberattack (file image pictured)
But angry customers took to Latitude’s Facebook to vent their frustrations over what many described as poor customer service.
Many said they had tried to contact Latitude to find out if their data had been leaked, but were unable to reach anyone.
“As a customer, I look forward to more clarity on what prevents credit card companies from providing basic customer service,” said one.
‘Are we going to be notified soon if our data has been stolen? Should we change our passwords? Hello? Is anybody fucking there?’
Others claimed they had noticed “fraudulent” activity on their Latitude accounts.
A Latitude spokesperson responded by saying they did not “have an ETA” on when customer service lines would resume.
We’ll keep our page updated to let you know once we’re back online, please bear with us. Thank you for your patience,” the spokesperson said.
In February, Latitude shut down LatitudePay, a popular buy now, pay later service used at major retail chains including JB Hi-Fi, The Good Guys and David Jones (file image pictured)
In February, the company shut down LatitudePay, a popular buy now pay later service used by major retail chains including JB Hi-Fi, The Good Guys and David Jones.
LatitudePay allowed customers to spread the cost of purchasing the products over 10 interest-free weekly payments. The sudden shutdown of the service impacted more than 500,000 customers.
Latitude has not yet specified which branch of the company was affected by the recent attack.
The company revealed that around 103,000 identification documents were stolen from the first unidentified service provider. More than 97 percent of which were copies of driver’s licenses.
Around 225,000 customer records from the second service provider were stolen.
Latitude said it had detected unusual activity on its systems in recent days.
Australia has been hit by a series of cyberattacks since late last year, the biggest being health insurer Medibank Private and Optus, Singapore’s local Telecommunications unit.
The attack on Medibank affected 9.7 million customers, while more than 2 million Optus users were affected by a separate data breach.