Context:

Last week, ​​consumer finance provider Latitude Financial suffered a cyberattack that compromised the personal information of around 330,000 customers in New Zealand and Australia. Most of the stolen data was copies of driver’s licenses or numbers, and only a small percentage were passport numbers or Medicare numbers. The Department of Internal Affairs has confirmed that customers don’t need to replace their passports, but Latitude has offered to pay for the replacement of identification documents at no cost to customers. IDCARE has been engaged to help impacted customers, and the company has launched a review into the breach.

What we know so far:

Australian financial services company Latitude Financial has officially confirmed that it has suffered a major data breach. The company has stated that information including drivers’ licences, passports, and Medicare numbers have already been stolen, and the scale of the breach could continue to expand. The attack remains active, and the company is still reviewing information. The Australian Federal Police is currently investigating the incident. 

The company’s customers, including the broader public, are angry and frustrated by the incident. As some have previously been involved in the previous breaches which have recently occured in Australia.

Industry Feedback:

Marty Edwards, Deputy CTO for OT/IT, Tenable on Latitude Financial Services reponds.

“First of all, organisations are to be applauded for cooperating with government and law enforcement agencies during incidents such as these. The cyberattack could be on Latitude Financial Services today or another organisation tomorrow. If you are an organisation handling critical information such as Personal Identifiable Information, you are 100% a target.”

“The fact is, this cyberattack is one of many to come as we’ve seen over the past six months in Australia. The rising number of cyberattacks means that cybercriminals are finding holes in our current defences and benefiting from them. The recent government reforms are much needed.”

“Organisations that make cyber hygiene fundamentals a priority will be far less attractive to cybercriminals. The only way to stay ahead of the curve is to find the weak spots in your defences proactively, before attackers can, and prioritise remediations based on organisational risk.” Comments, Marty Edwards, Deputy CTO – OT/IT at Tenable.

Latitude Financial is believed to be one of the first financial services companies in Australia to suffer a major data breach. Customers affected have expressed frustration over the lack of compensation and clear communication from both the company and government. This is the third such breach for some Latitude customers, who had previously suffered data breaches with Optus and Medibank. 

More updates to continue on Latitude Financial.