Latitude Financial hack may have been bigger than first thought
Latitude Financial’s hack of Australians could be bigger than first believed, as the company issues a vague statement warning the attack was “on a large scale”
- Australian lender Latitude reported a cyber attack last week
- Has affected current and former customers in Aus and NZ
- Licenses, passports and Medicare numbers were stolen
More Australians than initially believed may have had their personal details stolen following a cyberattack on major lender Latitude Financial.
The Melbourne-based financial firm, which offers short-term loans, credit cards and a buy now pay later service with retailers including JB Hi-Fi, Harvey Norman and Apple, initially reported a data breach last Thursday, in the largest known hack. in an Australian company this year so far.
At the time, the company estimated that some 330,000 customers had been caught in the breach.
But Latitude revealed this week that, following an internal review, the company is still trying to determine how many customers in Australia and New Zealand were affected, confirming that the attack affected both current and former customers.
The personal data that was stolen in the breach included driver’s licenses, passports and Medicare numbers.
Millions of Australians may have had their information stolen following a cybersecurity attack on financial firm Latitude (file image)
“Latitude is committed to keeping our customers, partners, employees, and the broader community as up-to-date as possible as we respond to this attack,” the statement read.
“We are continuing our forensic review to determine the full scope of the attack on Latitude and the amount of personal information stolen by the attacker.”
Latitude said that “to the best of our knowledge” no data had been taken from the company’s system since last Thursday, but the review found “further evidence of large-scale data theft affecting customers.”
“Our people are working urgently to identify the total number of clients and applicants affected and the type of personal information that has been stolen,” Latitude said.
“We appreciate how frustrating this latest development will be for our customers and we apologize unreservedly.”
The company has promised to provide a further update on the ordeal “once we have determined the full extent of the theft.”
They will also contact customers and applicants who have been affected by the hack.
“Our focus remains strong on containing this attack, progressing our forensic review of the actions taken by the attacker, and gradually restoring operational capability over the next few days,” Latitude added.
The Melbourne-based lender, which offers short-term loans, credit cards and a buy-now-pay-later service with retailers including JB Hi-Fi, Harvey Norman and Apple, reported the data breach last Thursday (image from archive)
Latitude confirmed that current and former customers in Australia and New Zealand were affected by the data breach following an internal review.
The cybersecurity breach has angered Latitude’s estimated 2.8 million customer base.
Many criticized the lender for failing to inform customers sooner about what personal information was stolen and who was affected.
It comes months after telecommunications company Optus and one of Australia’s largest health insurers, Medibank, became targets of two separate cyberattacks.
Hackers stole information from Optus’ 2.8 million customers, including their passport and driver’s license numbers, email and home addresses, dates of birth, and phone numbers.
They managed to steal the data after reportedly exploiting a weakness in the company’s firewall.
The Medibank hack affected an estimated 9.7 million customers, some of whom had their tax file numbers, bank account information and medical checks stolen.