An image of the login page for the Latitude financial services app on a mobile.

Latitude Financial Services is an Australian financial services company offering a variety of services including unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance.

What Has Happened?

Latitude announced it had detected unusual activity on its systems that appeared to be a sophisticated and malicious cyber-attack that originated from a major vendor used by Latitude. This resulted in the attacker obtaining Latitude employee login credentials, which were then used to steal customer information.

In late March, Latitude revealed that it had suffered a major data breach. Latitude disclosed they were attacked in mid-March and believed the breach resulted in 100,000 identification documents and 225,000 customer records being stolen. However, the breach was far worse than they thought.

Information Stolen

Latitude has now confirmed that 14 million customer records have been stolen. These records include 7.9 million driver’s license numbers, 54,000 passport numbers, and financial statements. A further 6.1 million customer records were also stolen, including information such as names, addresses, phone numbers, and dates of birth.

Am I Impacted by This Breach?

Latitude has partnered with many major businesses such as Harvey Norman, JB Hi-Fi, Apple, and Coles. Latitude is directly contacting individuals whose information was compromised, outlining details of the information stolen, the support they are providing and their remediation plans.

If you’ve received an email from Latitude Financial about the data breach, chances are you’ve had a connection with the company in some way. If you’ve taken out a payment plan with one of their major retailers, there is a good chance your data has been involved in the Latitude breach. If you have concerns or questions about the Latitude cyber-attack, you are strongly advised to contact Latitude. You can find Latitude’s contact information here.

Steps You Can Take To Protect Yourself

Due to the sensitivity of the data stolen, it will likely be used to mount further attacks on customers, such as phishing.

Please be vigilant with all online communications and transactions including:

  • Staying alert for any phishing scams via SMS, phone, post, or email.
  • Always verifying the sender of any communications received to make sure they’re legitimate.
  • Not interacting with texts from unknown or suspicious numbers.
  • Updating passwords regularly with ‘strong’ passwords, not re-using passwords and activating Multi-Factor Authentication when available on any online accounts.

Other Support

If you have been a victim of a scam or identity theft following the Latitude cyber-attack, you should contact Latitude immediately.

You can also call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service.

To report a scam, you can contact Scamwatch. You can also check cyber.gov.au for information about cyber security.
