As was foreshadowed by Latitude Financial last week, their data breach reported in mid-March has proven to be far far worse than first expected.

The company has today reported to the ASX that while there has been no suspicious activity on their systems since the 16th March, their forensic review of the incident has uncovered the sheer scale of the breach.

Latitude now reports that 7.9 million Australian and New Zealand driver licence numbers were stolen, 40% of which (3.2 million) are from the last ten years.

This raises serious questions about the company’s data retention policies, as clearly 60% of those documents were provided over 10 years ago. However, that could be accounted for by those customers remaining Latitude clients, but that doesn’t match with the reported customer base of 2.8 million.

In addition, the company says “approximately 53,000 passport numbers were stolen.”, and “A further approximately 6.1 million records dating back to at least 2005 were also stolen, of which approximately 5.7 million, or 94%, were provided before 2013.” Again, this raises serious questions about the data retention of customer information and will need to be answered by the company.

These records include some but not all of the following personal information: name, address, telephone, date of birth.

In terms of financial information, Latitude say that “less than 100 customers who had a monthly financial statement stolen.”

For any Latitude customer who has had their ID details stolen, Latitude says “We will reimburse our customers who choose to replace their stolen ID document.”

Customers should reach out to the company in the first instance, and consider putting a credit ban in place, as well as monitoring your credit history.