Latitude Financial hacked, 328000 customer IDs feared stolen
Consumer finance provider Latitude Financial said it has been the victim of a hacking incident and believes identification documents of 328,000 customers were stolen – including the drivers licence details of about 100,000 customers.
Latitude provides consumer finance services to Harvey Norman, JB Hi-Fi, The Good Guys, Apple and recently signed up David Jones. The company declined to say if consumers who are using financing from these companies are impacted.
Latitude said it believes identification documents of 328,000 customers were stolen.Credit:AFR
“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the company said in a statement to the ASX.
Latitude has drawn criticism from experts on the breach of its systems. “Here is another case of credential theft after Medibank incident. It’s time for the Australian companies to think hard about password and identity management,” Dr Jabed Chowdhury, a lecturer at La Trobe University’s Cyber Security Program, said.
“Two steps even three steps password protection mechanism is the need of the time.”
Loading
Latitude said the details were stolen from service providers it uses. The company did not clarify further, but this is believed to refer to companies that provide corporate services to Latitude.
Latitude said it was continuing to respond to what it describes as a malicious and sophisticated cyberattack and has removed access to some customer-facing and internal systems.
Unusual activity was noticed on its network earlier this week, originating from a major vendor it uses.
“While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated,” it said.
“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”
The company has been placed into a trading halt until a further update is made about the hack attack in coming days.
Analysts are already expecting that the incident will trigger a multi-million dollar bill, but the longer-term damage is harder to assess.
“Longer term, the impact on the business is more difficult to gauge, as it is unclear presently what the extent of the incident will be and how much franchise damage that will cause,” Citi analyst Thomas Strong said in a note to client.
Loading
The attack follows recent major cyberattacks at Optus and Medibank.
Optus was the victim of a major cyber breach in September, with hackers obtaining the data of 10 million of its customers.
The breach will cost Optus at least $140 million, including replacing hacked identity documents, complimentary subscriptions to credit monitor Equifax and an independent report commissioned by Deloitte. The telco is also being investigated by Australia’s privacy and telecommunications watchdogs.
Medibank was hit by a cyberattack in October, with hackers accessing the basic account details of 9.7 million current and former customers.Credit:Louise Kennerley
Medibank’s incident in October was more serious with criminals accessing basic account details of 9.7 million current and former customers as well as health claims data for about 160,000 Medibank customers, 300,000 customers of its budget arm, ahm, and 20,000 international customers.
The hackers began leaking some of the stolen data onto the dark web and Medibank lost $2 billion from its market valuation at the height of the crisis. It still faces lawsuits and an investigation by the Office of the Australian Information Commissioner over its handling of the incident.
The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.
Loading
