Cyber-attacks on a finance company belonging to Latitude Financial that could have compromised the privacy of more than 300,000 people may have led to the breach of more than 300,000 people's data in New Zealand and Australia.
With Genoapay, Gem Visa, and GO Mastercard, the company also provides 28° Global credit cards, Infinity Rewards credit cards, and Low Rate credit cards. It also provides personal loans and vehicle loans through Latitude.
Meanwhile, two Latitude service providers had been compromised and some of their personal information had been stolen. According to an announcement published by the company on the Australian share market, this affected customers across Australia and New Zealand.
A sophisticated cyberattack has resulted in the theft of more than 100,000 identification documents including customer information. This includes 225,000 records relating to the customers of consumer lender Latitude Financial.
It was disclosed in a statement to the market on Thursday that the majority of identification documents used by the lender were copies of motorist licenses, which are issued by companies such as JB Hi-Fi and Harvey Norman who offer personal loans and credit to their customers.
During the last few days, the company detected unusual activity on its systems, which it said led to the investigation.
Even though Latitude took immediate action, the attacker was able to obtain access to the login credentials of Latitude employees before it was possible to isolate the incident, the company explained.
It appears that the attacker obtained personal information from two other providers of services by using employee login credentials provided by employees of the third company.
A series of hacks have occurred on Australian companies over the past few months, including hacks on Optus and Medibank, among others. This is the latest in this series of attacks.
The all too common case of massive data breaches that exposed the personal details of their customers has led to legal action being taken, or at least being considered, by several law firms against the telcos and health insurers.
According to a recent study by Professor Alex Frino of the University of Wollongong, many Australian listed companies weren't alerting their shareholders to serious cyber-attacks when they were facing serious cyber-attacks.
During the ten years covered by the study, 11 of the 36 cyber-attacks that were reported by the media against listed companies remained unreported to the market initially, according to the study released last month.
Since the mandatory data breach notification scheme was implemented in late 2014, it has received 853 notifications as the scheme has been in place for four years. Many cases are never publicly announced.
There have been suspensions of Latitude's share trading sessions as the lender attempts to contain the incident as much as possible.
According to Latitude, the company is taking immediate action to notify the affected customers and apologizes to those customers.
In response to this attack, Latitude continues to respond and is doing everything it can to contain it and prevent further data theft from taking place, including isolating and blocking access to some of the systems and data that are directly used by customers and internal employees.
A former CEO of Australia Post, Ahmed Fahour leads Latitude. In August, he will be retiring from the company as he will be stepping down at the end of the year.
As a result of the alleged promotion of no-deposit and interest-free payments for goods in the lender's advertisements, Harvey Norman and the corporate regulator are currently facing a lawsuit from the corporate regulator.
As a result of the ads allegedly failing to disclose that Latitude credit cards were required for purchases and that fees would apply, the Australian Securities and Investment Commission believes them to be misleading.
As part of its cooperation with the regulator, Latitude announced in a statement.
