Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data
At least 100K IDs Were Compromised.
On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials.
Around 103,000 identification documents were stolen from the first service provider, with over 97% of them being copies of drivers’ licenses, while approximately 225,000 client records were stolen from the second service provider.
We apologize to any customers directly impacted and will be contacting them directly. The attacker appears to have stolen personal information that was held by two service providers.
As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licences, were stolen from the first service provider. Approximately 225,000 customer records were also stolen from the second service provider.
Latitude claimed it had observed suspicious activity on its systems over the past few days coming from one of its “major” vendors, but did not specify which one.
Latitude Financial (ASX: LFS) has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack. The activity is believed to have originated from a major vendor used by Latitude. While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.
Latitude, which offers consumer finance services to major Australian retailers like Harvey Norman and JB Hi-Fi has stated that it is working to manage the situation and prevent further loss of customer data.
In addition, the supplier of loans, credit cards, and insurance stated that it was collaborating with the Australian Cyber Security Centre and necessary authorities to investigate the incident.
The company launched a dedicated help page for updates regarding the cyberattack, available here.
The company’s shares were halted at 0250 GMT, according to Reuters. Latitude Financial has 2.8 million current clients.
Analysts at Citibank stated that, based on the size of organization and client bases, a range of A$10 million to A$15 million could be a reasonable estimate for impact on costs.
The incident follows those of Medibank and Optus, which exposed the personal information of 9.7 million and 2 million Australians, respectively, in October last year.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.