Financial services firm Latitude hit by cyberattack

Latitude Financial (Latitude), a digital payment, instalment and lending company has fallen victim to a cyberattack.

Latitude confirmed on its website that it had not noticed any suspicious activity on its systems since March 16, 2023.

However, the company identified that around 7.9 million Australian and New Zealand driver license numbers were stolen, of which around 3.2 million (40%) were provided to the company in the last 10 years.

The following other information was stolen by cyber criminals:

• Approximately 53,000 passport numbers;
• Fewer than 100 customers with a monthly financial statement, and
• Approximately 6.1 million records dating back to at least 2005, of which around 5.7 million (94%) were provided to the company before 2013.

The records include some, but not all, of the following information: name, address, telephone, and date of birth.

“From the outset of the cyberattack on Latitude, we have sought to keep our customers, partners, employees, and the broader community as up-to-date as we can,” Latitude said. “This malicious attack on Latitude is under investigation by the Australian Federal Police, and we continue to work with the Australian Cyber Security Centre and our expert cybersecurity advisers.”

Supporting impacted customers

Latitude has implemented a comprehensive customer care program to support the affected customers. Some of the steps include:

• Latitude's dedicated contact centres are available for affected customers in Australia and New Zealand between 9am and 6pm AEDT/NZST from Monday  to Friday;
• Hardship support is available via the company's dedicated contact centres for customers in a uniquely vulnerable position due to the cyberattack;
• The company engaged IDCARE, a not-for-profit organisation specialising in providing free, confidential cyber incident information and assistance; and
• Mental health and wellbeing support is free through the support line 1800 808 374 (Australia) and 0800 808 374 (New Zealand).

Latitude urged its customers to remain vigilant and on the lookout for suspicious behaviour relating to their accounts.

“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” said Latitude CEO Ahmed Fahour. “We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred.”

Latitude is continuing to restore its operations, rectify platforms impacted in the attack, and implement additional security monitoring.

“We thank customers and merchant partners for their support and patience. Customers can continue to make transactions on their Latitude credit card,” Fahour said.

The Latitude cyber incident follows the global mining group Rio Tinto's announcement that its Australian staff fell victim to a cyberattack.