ARN

Latitude cyber attack expands to 14M A/NZ records stolen

Up from an initial 300,000.

A cyber attack that affected Latitude Financial Services earlier this has been expanded to encompass over 14 million records stolen across Australia and New Zealand (A/NZ).

On 15 March, Latitude claimed that over 300,000 records had been stolen in an attack stemming from an unnamed “major vendor”.

At the time, 103,000 records were allegedly stolen from one of its service provider, with over 97 per cent of these being driver's licenses. Meanwhile, approximately 225,000 records were allegedly stolen from a second provider.

In an update on 27 March posted to the Australian Securities Exchange (ASX), Latitude claimed that about 7.9 million A/NZ driver licence numbers were stolen, with 3.2 million of these being provided in the last 10 years.

Approximately 6.1 million records going back to 2005 were also stolen, with 5.7 million of these provided before 2013.

In addition, roughly 53,000 passport numbers and less than 100 monthly financial statements were also taken.

Latitude CEO Ahmed Fahour said that the company is rectifying the affected platforms and has implemented additional security monitoring.

“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document,” he said.

“We are also committed to a full review of what has occurred. 

“We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords.”

The company also said it is writing to all customers, past customers and applicants about which information was compromised and plans for remediation.

We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation. 

For affected individuals, Latitude said it has engaged the services of IDCARE, with its contact centres also being available.

The business also said that hardship support is available through the contact centres for customers that are in “a uniquely vulnerable position”.

In Australia, the October breach that occurred at Medibank, which has seen at least 200 gigabytes of sensitive information stolen, also saw IDCARE brought in to provide support for customers.