What's happening with the Latitude Financial cyber attack? Millions of customer details stolen in one of the largest-known data breaches in Australia - ABC News

What's happening with the Latitude Financial cyber attack? Millions of customer details stolen in one of the largest-known data breaches in Australia
By Dinah Lewis Boucher
Posted Mon 27 Mar 2023 at 8:02amMonday 27 Mar 2023 at 8:02am
Hacker in front of the computer
The non-bank lender says nearly 8 million drivers licence numbers were stolen.(Pexels: Tima Miroshnichenko)
Help keep family & friends informed by sharing this article

Link copied
COPY LINK
SHARE
Millions of Australian and New Zealand customers have had their records stolen in the attack on Latitude Financial announced a fortnight ago.

The data includes up to 7.9 million drivers licence numbers and 53,000 passport numbers.

The attack is the largest-known data breach on a financial institution in Australia.

Here's what we know about the Latitude hack so far.

What do we know about who has been hit by the cyber attack?
The consumer finance company announced on Monday:

7.9 million Australian and New Zealand drivers licence numbers have been stolen
about 53,000 passport numbers were stolen
less than 100 customers had a monthly financial statement stolen
An additional 6.1 million records dating back to "at least 2005" were also stolen. Of this, the company said approximately 5.7 million, or 94 per cent, were provided before 2013.

The hack is far worse than first thought
Latitude first announced it had been impacted by a cyber hack less than a fortnight ago — on March 16 —saying that personal data of almost 330,000 customers had been stolen.

On Monday it confirmed the number of people impacted by this data breach was in the millions.

What is the Latitude Financial CEO saying about it?
"We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days," chief executive officer Ahmed Fahour said in a statement.

"We apologise unreservedly."

Customers who choose to replace their stolen ID document will be reimbursed, the Melbourne-based company has said.

In an announcement to the ASX on Monday the company also said:

"We recognise that today's announcement will be a distressing development for many of our customers.

"We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation."

What does Latitude Financial advise if you suspect you're at risk?
"Be vigilant with all online communications and transactions," the non-bank lender said in its statement to the ASX on Monday.

Here's how to replace your identity documents
Here's what to do if you think your personal details have been accessed by hackers.

Computer security
Read more
It also added:

Stay alert for phishing scams via phone, post or email
Ensuring communications received are legitimate
Not opening texts from unknown or suspicious numbers
Changing passwords regularly with "strong" passwords, not re-suing passwords, and activating multi-factor authentications when available on any online accounts
Latitude will not contact customers asking for passwords or sensitive information
When did this data hack happen?
The company first announced the hack less than a fortnight ago and said it believed the data of around 330,000 people had been accessed.

Latitude announced it had "detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber attack".

It said the attack appeared to have originated from "a major vendor used by Latitude".

This resulted in the attacker obtaining Latitude employee login credentials before being stopped.

Those credentials were then used to steal personal information held by other service providers.

What is Latitude Financial doing about the security breach?
The attack is now the subject of an investigation by the Australian Federal Police.

It says it will "continue to work with the Australian Cyber Security Centre and our expert cyber security advisers."

Latitude Financial provides loans, insurance and credit cards with retailers, including David Jones, JB Hi-Fi, The Good Guys and Harvey Norman.

Read more about the Latitude cyber hack:
A visual history of data breaches in Australia reveals a problem of staggering scale
Up to 8 million Latitude Financial customers believed to have data stolen in cyber attack
Latitude Financial customers frustrated at lack of communication after cyber attack
What is the government doing about the security breach?
"Latitude Financial is cooperating with the government in responding to this incident, and we expect the company to continue to swiftly provide the government with all information it needs," Minister for Cyber Security Clare O'Neil said in a statement.

"It remains our position that no customer should bear the cost of a data breach, and we are working with Latitude Financial to ensure that the customers affected by this attack are protected from immediate and future risks."

The federal government has also announced plans for a national cyber office to be established to lead emergency responses to cyber attacks.

In the wake of the Optus and Medibank hacks, the federal government said it would rewrite Australia's cyber laws to give the government more powers to intervene.