Case Study: Latitude Cyber Attack

Major Australian financial services company Latitude has revealed it has become the victim of a cyber attack.

The details of a whopping 328,000 customers have been breached, with 100,000 of those expected to have had their drivers’ licences compromised.

ASX-listed Latitude, which provides credit cards to thousands of Australians, announced on Thursday morning that it has been targeted in a “sophisticated and malicious cyber attack”.

“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers,” the company said in a statement to the ASX.

“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the statement added.

Customers have been left furious and nervous as they have yet to be notified if they are one of the unlucky ones involved in the breach, and if so, what information has been stolen.

They are also unable to contact the financial firm, with an error message appearing on the website.

Latitude has more than 2.7 million customers across Australia and New Zealand.

One customer says he has made more than 150 calls to Latitude in the past 30 hours with no answer, after noticing a hacker had used his card, spending more than $1500.

He believes his details have been stolen, adding: “I also called the local police as well as MasterCard’s head office but no one could help me.

“The most frightening thing is that while I am still trying unfruitful attempts to talk to Latitude, the hacker is using my card. He/she has already made purchases over $1500.”

Another man told news.com.au he only learned of the breach through this news.com.au article.

“I am a Latitude customer and just wanted to confirm at present no one knows or can even find out who is affected by the hack as there is no way to contact anyone at Latitude to get any clarity,” one person told news.com.au.

“I would have no idea if it wasn’t for news articles I have seen online,” said another. “There is literally no info.”

A victim of domestic violence who uses Latitude’s services told news.com.au she has “major concerns” about the breach.

“I have an ongoing dispute about a fraudulently obtained loan and a very very complex domestic violence incident that has multiple copies of police confidential documents,” she said.

“The fact my new address is now (possibly) leaked is so worrying. Along with whatever other details they have of me and the personal incident that Latitude have a wealth of information on.

“Hope my safety isn’t compromised however not really reassured it will be at all.”

Latitude’s customer service contact centres also appear not to be working.

On its website, an error message appears, which reads: “Our contact centres are currently unavailable.

“We apologise for the inconvenience and are working hard to get back online as soon as possible.

“For all customers except personal loans, you can still access our mobile app and Latitude Service Centre to view and manage your account.”

Latitude said it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

However, unfortunately, by then it was too late.

They were unable to isolate the incident as employee login credentials had already been stolen.

The hacker was then able to use those credentials to steal more information from two other service providers.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider,” a company spokesperson said.

“Approximately 225,000 customer records were also stolen from the second service provider.”

They said the hack originated from a major vendor that Latitude uses. The vendor was not named.

Latitude is now working with police and the Australian Cyber Security Centre to investigate the incident.

Latitude was founded in 2015 after changing from its previous business entity to focus on digital payments, instalments and loans. The firm also has a small buy now pay later arm.

In April 2021, Latitude listed on the ASX.

It comes just months after Optus and Medibank lost the details of millions of customers in a sophisticated cyber attack that descended into ransom demands which were not paid.

In September last year, hackers stole the names, dates of birth, phone numbers, email addresses, and in some cases addresses and ID document numbers such as driver’s licence or passport numbers, from Optus customers.

An eye-watering 9.8 million Australians were involved in the breach.

Then just a month later, Australians were hit by more shocking news. This time private health insurer Medibank had also been targeted in a cyber attack.

The Medibank hack saw 9.7 million current and former customers impacted.

Some unlucky Australians had their data compromised twice over, as they were customers at both Optus and Medibank.

The breaches led to class actions, threats of hefty fines and caused the federal government to overhaul Australia’s cyber security laws to allow for quicker responses in an emergency.
