Latitude Confirms It Was Hacked, With Info on Over 300,000 Aussies Stolen

Australian financial services firm Latitude is alerting customers of a massive data breach, one it described as being the result of a “sophisticated and malicious cyber attack”.

If you’ve heard the name, but you’re not sure where, Latitude provides consumer finance services to the likes of JB Hi-Fi, Harvey Norman and The Good Guys, to name a few.

In a statement made Thursday, Latitude confirmed the theft of customer data. According to the company, the attacker appears to have stolen personal information that was held by two service providers (Latitude did not identify those service providers, however). In total, 328,000 customers are at risk.

Instead of sugarcoating or playing down the severity of the situation, Latitude just came out and said it:

“Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider. Approximately 225,000 customer records were also stolen from the second service provider,” it wrote.

While that is admirable, this situation is severe and not much more is known at this stage.

Latitude said it took immediate action after becoming aware of the cyber attack, but said the attacker was able to obtain Latitude employee login credentials before the incident was isolated. The attacker appears to have then used these employee login credentials to steal the personal information that was held by those two unnamed service providers.

After becoming aware of the cyber attack, Latitude said it suspended customer services and said it was doing everything in its power to contain the attack and prevent the theft of further customer data.

Latitude extended an apology via the statement but said it would be directly contacting customers who are directly impacted by the cyber attack. It said that at this stage, there is no action required by customers, except to “maintain a normal level of vigilance on their accounts and report anything suspicious through our Customer Care team”.

Six months ago, Optus disclosed a data breach, followed closely by Medibank. The ramifications of both are still being felt by customers.

We’ll update this article as we learn more.