Tech

Latitude Financial begins notifying customers of data breach – up to 328,000 customers affected

Australia’s biggest non-bank personal finance lender Latitude Financial this morning advised the ASX that it had been the victim of a cyber attack, and this afternoon began contacting customers.

Following the massive Medibank and Optus breaches late last year Latitudes breach is on a similar level of severity while not as extensive in number.

Latitude has almost 3 million customers, so with 10% affected, it’s a massive problem for the company.

Critically, and for me most concerning – Latitude says that 103,000 ID documents were stolen. The concerning thing is they say that 97% of them were “copies of drivers’ licences”. Those words make me feel like they have literal photos or photocopies of drivers’ licences, which means both the Card Number and Licence number would be accessible to the hacker, meaning new drivers licences for 100,000 people.

It appears Latitude doesn’t keep much data of their own – with the original source of the hack happening at a “major vendor used by Latitude”. In that hack, a Latitude employee login credentials were obtained by the hacker.

What’s amazing is that those credentials were then used to steal personal information held by two other service providers. It’s at one of those providers where the 103,000 ID documents were stolen, and at the other 225,000 customer records were stolen.

We have no information about what was in those records.

Latitude this afternoon commenced contacting customers, saying “We’re writing to you directly to update you on a recent cyber-attack that Latitude Financial is actively responding to. Regrettably, the attack has resulted in the theft of some customer data”

“Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.”

It’s an important first step for Latitude, taking the lead from Medibank’s approach to over communicating with customers, and doing the opposite of what Optus did which was to fail to communicate directly with customers.

The next step needs to be to clarify just what information was obtained by the hackers, and then to let individual customers know in which of the three groups they sit.

  1. Unaffected
  2. ID Document Obtained
  3. Customer Data Obtained

EFTM has asked Latitude the following questions which at this stage seem important to customers:

  1. Will you be offering identity protection services to your customers – if so how?
  2. How is one employee credential able to download so much customer data ?

Recent Posts

  • Tech

Samsung Previews new Flex Titanium Screen Tech Ahead of Unpacked

Samsung is teasing a new display tech for their next-generation foldables, with the new displays…

1 hour ago
  • Tech

MOVA Z70 Ultra Roller robot vacuum lands in Australia taking on large thresholds with 36,000pa of suction power

Smart living brand MOVA has announced their latest premium series robot vacuum today, launching the…

3 hours ago
  • Tech

Review: Sennheiser Momentum 5 Wireless Headphones — even better than the last generation but at a significant price increase

Last year I reviewed the Sennheiser HDB 630 and was super impressed.  They are an…

4 hours ago
  • Tech

The EFTM podcast – Unpacking Telstra’s Woes and the future of Triple Zero

This week, an extended chat with absolute Telco GURU and legend of the industry Grahame…

23 hours ago
  • Tech

motorola razr fold Review: Motorola’s First Book-Style Foldable Crushes It

After announcing the phone during CES, the motorola razr fold is finally heading to Australia,…

23 hours ago
  • Motoring

Geely EX2 hits Australia this month starting at $26,490

Geely is doing pretty well in Australia with just last month over 3,500 new car…

1 day ago