Data of 14 Million Customers Stolen in Cyber Attack

Daniel Y. Teng

The hack of Australian finance firm Latitude Financial is worse than initially thought.

In mid-March, the consumer finance provider estimated that around 328,000 customers had their data stolen by hackers. That number has now ballooned to over 14 million, according to an investor statement.

Latitude Group confirmed on March 27 that 7.9 million Australian and New Zealand driver’s licence numbers were stolen, of which 3.2 million (around 40 percent) were provided in the last 10 years.

Another 6.1 million records dating back to 2005 were stolen, including names, addresses, telephone numbers, and dates of birth, of which 5.7 million (around 94 percent) were provided before 2013.

The company revealed that 53,000 passport numbers had also been lost in the data hack, and fewer than 100 customers had their monthly financial statements taken as well.

Latitude said it would reimburse customers who have to replace their stolen documentation.

“We recognise that today’s announcement will be a distressing development for many of our customers and we apologise unreservedly,” the company said in the update.

“We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation.”

The Australian Federal Police and Australian Cyber Security Centre are investigating the incident.

Latitude has called on concerned customers to contact its call centres, which are open between 9 a.m. and 6 p.m.

Latitude Will Wear the Consequences, Expert Says

On March 16, the Melbourne-based company, one of the biggest non-banking lenders in the country, called for a halt to trading while saying the incident had been isolated.

Latitude said the hackers obtained employee login credentials and were able to steal personal information via two “service providers” or contractors.

The attack is the latest in a series of cyberattacks targeting major Australian organisations, including Optus (the second-largest telecommunications provider), Medibank (the largest private insurer), Woolworths’ MyDeal, and the Australian Department of Defence.

Rob Nicholls, associate professor at the University of New South Wales, said the major challenge for Latitude going forward would be winning back the confidence of consumers.

“We’ve seen Telstra and Vodafone take on a significant number of customers in the last quarter, primarily as a result of the breach of Optus,” he previously told The Epoch Times. “And that is a loss of trust. It becomes even more critical for a business that’s providing financial services.”

Nicholls also said that the fact an “external service provider” was responsible for losing the data did not absolve Latitude of its responsibilities. A service provider could be the data host or credit reference provider used by Latitude.

“The fact that Latitude has taken customer information—entrusted to Latitude’s use—without ensuring those service providers have adequate cybersecurity is entirely problematic,” he said.

He pointed to the 2022 court case ASIC v RI Advice Group Pty Ltd, which found that financial service providers may be personally liable if a contractor has inadequate cybersecurity.

Nicholls also said too many businesses were quick to say “sophisticated” actors were behind cyberattacks.

“Even when the cyberattack isn’t terribly sophisticated, they claim there are state actors behind it,” he said.

“When there are high-value targets, like financial services that keep the information, or businesses that might be persuaded to pay a ransom for their own data set, you don’t need a state actor involved.”

Daniel Y. Teng is based in Brisbane, Australia. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at [email protected].