Latitude Financial, a leading Australian consumer finance company, has recently suffered a cyber attack that has compromised the personal information of its customers. The company has confirmed that the attack has affected a large number of its customers and that it is working closely with law enforcement agencies to investigate the matter.
What happened exactly?
Latitude Financial, one of Australia's top consumer finance providers, experienced a "sophisticated and malicious" cyber attack on March 12, 2023, which may have led to the compromise of 328,000 customer IDs.
Based on news reports, the data that was taken in the cyber attack comprised of personal identification documents such as driver's licenses, passports, and Medicare cards. Additionally, the cyber attackers were able to obtain certain customers' personal information, such as their names, addresses, phone numbers, and email addresses.
Around 300,000 customers' personal details, including 100,000 copies of driver's licenses, were reportedly compromised in the cyber attack on Latitude Financial, according to several news outlets.
How did it happen?
In their recent cyber attack on Latitude Financial, the attackers were able to gain access to the company's third-party service providers responsible for identity verification and credit checks by using staff logins. This approach allowed the attackers to bypass the company's own security measures and gain entry to sensitive information about Latitude Financial's customers. By compromising these third-party providers, the hackers were able to access a trove of personal data, including names, addresses, phone numbers, email addresses, and even copies of personal identification documents such as driver's licenses and passports.
This breach highlights the importance of implementing strong security protocols not only within an organization but also across all third-party service providers that handle sensitive customer data.
The attack was announced on March 16, 2023, at 6:20 pm AEDT
Should we be worried?
We still don’t know the full impact of the attack. The damage is still being assessed and investigated. Latitude Financial is still trying to see what is the long-term effect and if will it hit them in the days to come.
Latitude Financial began reaching out to affected customers yesterday, after sending a prior notice to all customers on Thursday, March 16th. The company has partnered with IDCARE to provide assistance to impacted customers and has set up specialized contact centres in Australia and New Zealand to handle customer inquiries. Additionally, Latitude Financial has informed its insurers about the event and is currently evaluating the financial implications of the incident.
As a result, Latitude Financial said it is not onboarding any new customers to its financial services.
In the coming days, we might see more news about the cyber attack and maybe more stolen information will be uncovered.