Non-bank goes offline following ‘large-scale information theft’

“We are continuing our forensic review to determine the full extent of the attack on Latitude and the amount of personal information stolen by the attacker,” the group said.

“While to the best of our knowledge no compromised data has left Latitude’s systems since Thursday 16 March 2023, regrettably our review has uncovered further evidence of large-scale information theft affecting customers (past and present) and applicants across Australia and New Zealand.

“Our people are working urgently to identify the total number of customers and applicants affected and the type of personal information that has been stolen.”

The group revealed on 16 March that it had detected unusual activity on its systems that it can now confirm as a sophisticated, well organised, and malicious cyber attack.

On Monday (20 March) the non-bank lender confirmed that it had stopped onboarding new customers and could no longer service existing customers and partners.

“Our people are working around the clock to contain the attackers. We have taken the prudent action of isolating some of our technology platforms which means that we are currently not onboarding new customers,” the company said.

“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners. We cannot restore this capability immediately; however, we are working to do so gradually over the coming days and ask our customers for their continued patience.”

Latitude confirmed that approximately 330,000 customers and applicants have had their personal information stolen, the vast majority of which were copies of drivers’ licences or drivers’ licence numbers.

Less than 4 per cent were copies of passports or passport numbers and less than 1 per cent were Medicare numbers.

Outgoing chief executive Ahmed Fahour said he sincerely apologised to customers and partners for the distress and inconvenience the criminal act has caused.

“I understand fully the wider concern that this cyber attack has created within the community. Our focus is on protecting the ongoing security of our customers, partners and employees’ personal and identity information, while also doing everything we can to support customers and applicants who have had information stolen,” he said.

“While we continue to deliver transactional services, some functionality has been affected resulting in disruption. We are working extremely hard to restore full services to our customers and merchant partners and thank them for their patience and support.”

[Related: SMEs lack cybersecurity maturity]