Login
ISCOVER
A non-bank lender expects to incur more than $50 million in total costs following a cyber attack.
Latitude Financial Group Holdings Ltd (Latitude) has revealed that it expects to incur costs of approximately $7 million in the first half of 2023 due to a cyber attack.
To continue reading the rest of this article, please log in.
Looking for more benefits? Become a Premium Member.
Create free account to get unlimited news articles and more!
Looking for more benefits? Become a Premium Member.
However, in its 1H23 and FY23 results announcement, Latitude disclosed that it anticipates the total costs to be around $53 million after tax in the first half of the financial year, which includes a $46 million provision.
The incident, which occurred in late March 2023, resulted in the theft of nearly 8 million driver’s licence numbers and hundreds of thousands of passport numbers.
Although Latitude has not observed any suspicious activity since 16 March 2023, the cyber attack disrupted the lender’s operations, managing director and chief executive Paul Belan said.
“While Latitude was able to continue processing transactions as it responded to the March cyber attack, new account originations and collections were closed or severely restricted for a period of approximately five weeks,” Mr Belan said.
As a result, the impacts of the attack, including an anticipated increase in credit provisions to 4.20 per cent, are expected to lead to a cash net profit after tax (NPAT) in the range of $5 million to $10 million for 1H23.
While Latitude has anticipated some “normalisation in loss rations across its portfolio”, the cyber attack has “materially worsened this trend” due to lost originations.
The company forecasts a statutory loss after tax in the range of $95 million to $105 million for 1H23, with an expected full-year result also incurring a loss.
Consequently, Latitude does not anticipate declaring a dividend for the six months ending 30 June 2023.
What happened?
Mr Belan explained the attack was detected in the company’s IT system, where “privileged credentials” were obtained via a third-party vendor.
Information stolen included 7.9 million driver’s licence numbers; personal details such as name, address, telephone number, and date of birth; income and expense information used to assess approximately 900,000 loan applications, with a further 6.1 million records compromised.
Moving forward, he said the company was focused on rebounding from previous business momentum, remediating affected customers, and rebuilding trust.
The attack remains under investigation by the Australian Federal Police.
[Related:Cyber attack to weigh on non bank lender's bottom line]
JOIN THE DISCUSSION