Millions of customers could soon be compensated through a class-action lawsuit, after Latitude Financial admitted that the records of more than 14 million Australians were hacked.
Law firms Hayden Stephens and Associates and Gordon Legal have announced a potential class action against the company, which provides consumer financing services to David Jones, JB Hi-Fi, Apple, The Good Guys and Harvey Norman.
Until very recently, Latitude also ran a buy now, pay later service called LatitudePay, which has recently been discontinued.
The lawsuit comes just a day after Latitude Financial announced the theft of a significant chunk of customer information — dating back to 2005, including 7.9 million driver’s license numbers, 53,000 passport numbers and 6.1 million customer records.
Less than 100 clients had their monthly financial records stolen.
Two law firms have launched an investigation into the Latitude Financial Services hack (pictured) after the personal information of millions of Australians and New Zealanders was stolen.
Law firms will investigate the hack as part of a possible class action and are urging clients to sign up for updates.
It must be determined how the breach occurred and what damage was passed on to Latitude customers, said attorney Hayden Stevens.
“A big part of our investigation is getting answers to these questions,” Mr. Stephens, director of Hayden Stephens and Associates, told Sunrise.
“It is possible, and even likely, that this breach could have been avoided.”
Stevens told The Australian earlier that the option of compensation was being explored.
While all clients are encouraged to sign up for updates from the investigation, clients will likely need to prove damage they suffered as a result of the violation in order to join a potential class action lawsuit.
“In circumstances where someone has experienced anxiety or anxiety or has seen evidence that data has been stolen or used in an inappropriate way, they are likely to join the class action,” Mr. Stephens said.
“What’s important is understanding what your rights are… Part of the investigation is getting answers to key questions and then providing information to consumers so they can make an informed decision about what they’d like to do next.”
The hack is also under investigation by the Australian Federal Police while Latitude Financial is working with the Australian Cyber Security Center and cyber security experts to find out why.
Hayden Stephens and Associates principal Hayden Stephens (pictured) urged all clients to sign up for updates on the investigation in order to decide whether they should join the potential class action lawsuit.
Latitude first updated the Australian Stock Exchange on March 16th, writing that it had identified unusual activity on its servers.
At first the company believed that only 308,000 identity documents had been stolen.
“We are writing directly to give you an update on a recent cyberattack that Latitude Financial is actively responding to,” Andrew Waldock, Latitude Financial’s COO, wrote to clients later that day.
Unfortunately, the attack resulted in some customer data being stolen.
Latitude apologizes to its customers, especially those affected.
The company believes there has been no suspicious activity since the original hack.
The company’s CEO, Ahmed Faour – who retired from his post on Friday – apologized “unreservedly” for the hack.
“It is extremely disappointing that so many additional clients and applicants have been affected by this incident,” he said in a statement to the ASX.
We are committed to working closely with affected clients and applicants to minimize the risk and disruption to them, including reimbursement of the cost if they choose to replace their ID document. We are also committed to a full review of what happened.
The March 16 hack stole about 14 million pieces of personal information, including 7.9 million driver’s license numbers, 53,000 passport numbers and 6.1 million customer records (stock).
Latitude now joins a string of companies that have been attacked by hackers over the past 12 months.
On March 29, real estate development giant Meriton confirmed that it had been the victim of a hack more than two months earlier on January 14.
The data stolen in the hack reportedly includes personal information such as bank details and birth certificates as well as employee information such as salaries and HR complaints.
Meriton warned the 1,889 people affected by the hack to take steps to protect their identity.
