Latitude Financial Reveals Extent of Cyber Attack: 14 Million Customers Affected

 

Recently, Latitude Financial, a company listed on the Australian Securities Exchange (ASX), reported that it had suffered a cyber attack. The company stated that the attack was believed to have originated from a major vendor used by the company and that the attacker had obtained login credentials from an employee. The attacker then used these credentials to steal personal information that was held by two other service providers. 

Latitude Financial provides a range of financial services, including loans, credit cards, and insurance, in Australia, New Zealand, Canada, and Singapore. The company also offers interest-free installments for customers of retailers such as JB Hi-Fi, The Good Guys, and David Jones when they shop online. 

Following the attack, DXC Technology, a global technology services company, issued a statement on its website confirming that its global network and customer support networks were not compromised in the attack on Latitude Financial. 

Ten days after Latitude Financial revealed that it had suffered a cyber attack, the company discovered that the breach was much more severe than initially believed. Data from 14 million people had been accessed, rather than the 330,000 that was initially thought. 

The attacker had used the stolen employee credentials to access customer data stored by both service providers before the incident was patched. As of 27 March, Latitude Financial had identified that 7.9 million Australian and New Zealand driver license numbers were stolen, with approximately 3.2 million of them provided to the company in the last 10 years. Additionally, around 53,000 passport numbers were accessed, and fewer than 100 customers had a monthly financial statement stolen. 

The company further confirmed that 6.1 million records dating back to 2005 had been accessed, including customers' names, addresses, telephone numbers, and dates of birth. 

In response to the breach, Latitude Financial's Chief Security Officer, Ahmed Fahour, stated that the company was committed to working closely with affected customers and applicants to minimize risk and disruption, including compensating the cost of replacing ID documents. The company also urged its customers to be vigilant and report any suspicious behavior relating to their accounts and reminded them that the company would never contact them to request passwords.