Latitude Financial (Latitude), a digital payment, instalment and lending company has fallen victim to a cyberattack.
Latitude confirmed on its website that it had not noticed any suspicious activity on its systems since March 16, 2023.
However, the company identified that around 7.9 million Australian and New Zealand driver license numbers were stolen, of which around 3.2 million (40%) were provided to the company in the last 10 years.
The following other information was stolen by cyber criminals:
The records include some, but not all, of the following information: name, address, telephone, and date of birth.
“From the outset of the cyberattack on Latitude, we have sought to keep our customers, partners, employees, and the broader community as up-to-date as we can,” Latitude said. “This malicious attack on Latitude is under investigation by the Australian Federal Police, and we continue to work with the Australian Cyber Security Centre and our expert cybersecurity advisers.”
Latitude has implemented a comprehensive customer care program to support the affected customers. Some of the steps include:
Latitude urged its customers to remain vigilant and on the lookout for suspicious behaviour relating to their accounts.
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” said Latitude CEO Ahmed Fahour. “We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred.”
Latitude is continuing to restore its operations, rectify platforms impacted in the attack, and implement additional security monitoring.
“We thank customers and merchant partners for their support and patience. Customers can continue to make transactions on their Latitude credit card,” Fahour said.
The Latitude cyber incident follows the global mining group Rio Tinto's announcement that its Australian staff fell victim to a cyberattack.