Latitude Financial data breach: How scammers could manipulate driver's licence copies

Latitude Financial data breach widens as fears over copies of driver's licences grow


Latitude Financial has today released a statement to the Australian Stock Exchange (ASX) which confirms fears foreshadowed two days ago that the data breach is far worse than first anticipated.
When the company first reported the breach, the number of affected customers was around 330,000, however today a statement says "regrettably our review has uncovered further evidence of large-scale information theft affecting customers (past and present) and applicants across Australia and New Zealand".
At this stage, the company is yet to outline just how far-reaching the attack on its systems is but says "our people are working urgently to identify the total number of customers and applicants affected and the type of personal information that has been stolen".
READ MORE: Finance company warns customers that scale of data breach may widen

The Latitude Financial cyberattack is deeper than first thought, with concerns growing over what can be done with "copies" of driver's licences as opposed to simple numbers. (AFR)
Of concern for many Australians will be the fact this breach now appears to include both past and present customers, and past and present applicants.
This means people who applied for credit in any way with Latitude could be affected.
Those customers and applicants would cover at least seven years, as Latitude says it is "required to retain account records for at least seven years after an account is closed. This is to comply with Anti-Money Laundering and counter-terrorism financing laws".
Most alarming though is the reference to "copies of driver's licences", which is far worse than just a driver's licence number.
Many Australians learned during the Optus breach that, in fact, the number alone was not enough to result in widespread fraud or identity theft.
READ MORE: 'Employees left scrambling' after 12,000 fired from Google over e-mail

The company has closed some internal and customer facing systems as it attempts to shut down access to personal data. (Latitude Financial)
That's because financial systems now use a second number - the card number - to verify an ID document.
With copies of an actual licence, a hacker can essentially apply for credit on your behalf.
Latitude says it will cover the cost of any document replacement, and that it is offering IDCARE support and a dedicated customer contact centre for those customers affected.
The question is: who is affected and how many of them are there?
According to its website, Latitude Financial is contacting affected customers directly.