Major Australian financial company Latitude hacked, 328k customers impacted

Viking

Level 26
Thread author
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,531
The details of a whopping 328,000 customers have been breached, with 100,000 of those expected to have had their drivers’ licences compromised.

ASX-listed Latitude, which provides credit cards to thousands of Australians, announced on Thursday morning that it has been targeted in a “sophisticated and malicious cyber attack”.
“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers,” the company said in a statement to the ASX.

News.com.au understands customers have not yet been individually notified.
“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the statement added.

Latitude said it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

However, unfortunately, by then it was too late.

They were unable to isolate the incident as employee login credentials had already been stolen.

The hacker was then able to use those credentials to steal more information from two other service providers.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider,” a company spokesperson said.

“Approximately 225,000 customer records were also stolen from the second service provider.”
.
 
Last edited by a moderator:

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
599
The details of a whopping 328,000 customers have been breached, with 100,000 of those expected to have had their drivers’ licences compromised.

ASX-listed Latitude, which provides credit cards to thousands of Australians, announced on Thursday morning that it has been targeted in a “sophisticated and malicious cyber attack”.
“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers,” the company said in a statement to the ASX.

News.com.au understands customers have not yet been individually notified.
“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the statement added.

Latitude said it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

However, unfortunately, by then it was too late.

They were unable to isolate the incident as employee login credentials had already been stolen.

The hacker was then able to use those credentials to steal more information from two other service providers.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider,” a company spokesperson said.

“Approximately 225,000 customer records were also stolen from the second service provider.”
No surprise here. Horrible company with a terrible reputation here.

Here's the official email I received tonight..

We’re writing to you directly to update you on a recent cyber-attack that Latitude Financial is actively responding to. Regrettably, the attack has resulted in the theft of some customer data.

The attacker appears to have stolen personal information that was held by two Latitude service providers, impacting customers across both Australia and New Zealand.

As of today, we understand that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from one service provider. Approximately 225,000 customer records were stolen from a second service provider.

Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.

We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack.

As a valued Latitude customer, we thank you for your understanding and patience. Our services remain available and you should have confidence in using them.

Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available.

Andrew Walduck
Chief Operating Officer
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,628
Geez... thanks Ink. Just what I needed to 'sleep-on' tonight.
Samsung devices have built-in scam call protection via Hiya. On Apple devices the app can be installed for free. It doesn’t block them, but adds “Possible Scam” on the caller screen. You can also send all unidentified callers straight to voicemail from the iPhone settings.

In terms of emails, never click any links sent in emails, no matter what they look like. Always contact your bank directly via the banking app/site. You will be fine.

I suggest that you monitor your credit file closely using services like TransUinion. They have different providers working with them, some should be free. If you notice anything dodgy, call TransUnion.
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,628
Cheers, my tolerance of scam calls/mail is zero and everything I can do has been in place for years.

Just one of those things... I'll survive... I have no money to steal anyway!
Apple mail is quite good at filtering scam and spam. It does miss emails from time to time but when you report them, it seems to be learning. In terms of calls, when you don’t answer they lose interest in calling at one point 😀
I learned it from experience.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,448

Latitude Financial data breach now impacts 14 million customers​

Unfortunately, after further investigating the incident, Latitude has revealed that the impact of the incident is much more significant, now believed to have affected 14 million customers or loan applicants from Australia and New Zealand. "As our forensic review continues to progress, we have identified that approximately 7.9 million Australian and New Zealand driver license numbers were stolen, of which approximately 3.2 million, or 40%, were provided to us in the last 10 years," reads the new statement. "A further approximately 6.1 million records dating back to at least 2005 were also stolen, of which approximately 5.7 million, or 94%, were provided before 2013." The 6.1 million customer records also include customers' full names, addresses, telephone numbers, and dates of birth.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top