Latitude Financial hit by cyber attack, more than 300000 ...

16 Mar 2023

Latitude Financial — a company that issues consumer loans and runs a buy now, pay later scheme used by major retailers — has revealed hackers have stolen the personal information of more than 300,000 customers, including drivers licences.

Key points:

- Latitude Financial told the ASX it has reported "unusual activity" on its systems in recent days
- The company says the personal information was taken from two service providers after hackers gained access to Latitude's staff login details
- Latitude has not disclosed who the two different service providers are

The non-bank lender told the ASX it had detected unusual activity on its systems "over the last few days" that "appears to be a sophisticated and malicious cyber attack".

The information stolen includes:

- 103,000 identity documents — with 97 per cent of those being copies of drivers' licences from one provider
- 225,000 customer records from the second service provider.

Latitude provides buy now, pay later (BNPL) schemes to a number of major Australian retailers, including Harvey Norman, JB Hi-Fi, David Jones and The Good Guys.

Last month it announced it is shutting down that BNPL offering in Australia and New Zealand.

It will continue to provide its main fare of personal credit cards, travel credit cards, and short-term personal loans.

UNSW cybersecurity expert Richard Buckland told ABC News the breach was "very concerning" given the level of information people have to give over to get loans.

"It's precisely the information an attacker needs to take out a loan in your name: the information you use to take out a loan in your name," Professor Buckland said.

Latitude has 2.8 million current customers. It could not tell ABC News whether the hack concerned only their data or potentially former customers too.

Professor Buckland said the company's statement was "a bit coy" about what precisely had been stolen.

He said it was unclear if the drivers' licences' card ID numbers had been accessed, which would make the breach more concerning than simply the cards themselves being stolen.

"This information could be, and will be presumably, shared and shared with other criminals," Professor Buckland said.

"It can be aggregated with other information to build a more accurate picture of you.

"And pieces of information, joined with other pieces of information, become more valuable to criminals.

"It's just more and more information that's available to impersonate you in a range of ways."

Video: Latitude Financial says the data of more than 300,000 customers was stolen in the 'malicious' cyber attack.

How did this cyber attack happen?

Latitude says the attack started from a major vendor the company uses, which the ABC understands was essentially a back-end infrastructure provider.

Latitude says the hackers then obtained the login details of a Latitude employee.

Those credentials were then used to steal identity documents from two of Latitude's service providers, the ASX-listed company said. 

Latitude says it's "doing everything in its power to contain the incident and prevent the theft of further customer data", and is contacting those customers affected by the attack.

The Australian Cyber Security Centre is working with the company, and Latitude says it's cooperating while authorities investigate. 

Latitude is just the latest high-profile company in Australia to be targeted by hackers.

In October, about 9.7 million current and former Medibank customers had their data accessed by criminals.

Optus data was also hacked.

Last month, the federal government announced plans to overhaul a $1.7 billion cyber security plan set up under Scott Morrison.

A national cyber office — led by a new coordinator for cyber security — will be established under the Home Affairs Department to lead the renewed strategy.

"This is not going away," Professor Buckland said.

"Hacks are happening all the time. Companies are still collecting data and not looking after it properly."

Latitude declined an interview with ABC News.

It only debuted on the ASX about two years ago. It entered a trading halt before announcing the cyber attack.

Posted Thu 16 Mar 2023 at 12:48am, updated Thu 16 Mar 2023 at 2:51am
