Latitude Financial says its decision not to pay a ransom following a major cyber-attack and data breach is in line with government policy. Photograph: Bloomberg/Getty Images
Latitude Financial vows not to pay ransom to hackers in wake of massive data breach
Lender says ‘no guarantee’ paying ransom would result in destruction of data and doing so ‘would only encourage further extortion attempts’

Jonathan Barrett
@barrett_ink
Tue 11 Apr 2023 00.03 EDT
Consumer lender Latitude Financial has vowed not to pay a ransom to those behind a massive cyber-attack that resulted in the largest-known data breach of an Australian financial institution.

Latitude, which offers personal loans and credit to customers at stores including JB Hi-Fi, The Good Guys and Harvey Norman, said on Tuesday that its position was in line with Australian government policies.

“Latitude will not pay a ransom to criminals,” Latitude’s chief executive, Bob Belan, said in a statement.

“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”

The lender said the stolen data detailed by the attackers as part of a ransom demand was consistent with the updated number of affected customers disclosed by Latitude late last month.

Around 14m customer records, including driver’s licence numbers, passport numbers and financial statements, were stolen from its system in a cyber-attack that was far worse than the company initially reported.

The stolen details include 7.9m Australian and New Zealand driver’s licence numbers and 53,000 passport numbers. A further 6.1m customer records were also stolen, of which 5.7m were provided before 2013.

Many of the documents are viewed by cybersecurity experts as particularly sensitive, because they contain unique identifiers that can be used in conjunction with general information readily available about a person to potentially steal an identity.

The Latitude breach also raises questions about how companies store data and why many businesses retain copies of documents beyond the seven-year timeframe required for certain records. The attack is the latest in a series of major data breaches, following hacks at Optus and Medibank, among others.

“People are now at constant risk of identity fraud – and worse – because organisations collect too much information, keep it too long, and store it insecurely,” said Justin Warren, the chair of Electronic Frontiers Australia. The digital rights group believes existing privacy protections are ineffective and must be reformed.

The government has opened up a public debate on the issue of cyber laws that could include giving expanded powers to federal agencies to intervene when private companies come under attack. The payment of ransoms could also be banned under legislative changes.

Latitude said regular business operations were being restored after it had taken its platforms offline in response to the attack.

“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process,” said Belan, who recently took over as chief executive from Ahmed Fahour.