The financial group confirms the cyber criminals made off with driver’s licence numbers and the personal details of million of customers.
14m personal records stolen in Latitude hack
More than 14 million personal customer details at financial group Latitude were stolen by cyber criminals in the recent attack including driver’s licences and passport numbers, the company has confirmed.
It said the total included 7.9 million Australian and New Zealand driver’s licence numbers, about 40 per cent of which had been provided in the past decade, as well as 6.1 million records dating back to 2005 that included names, addresses, dates of birth and phone numbers.
The cyber criminals also got away with 53,000 passport numbers and the monthly financial statements of “less than 100 customers”, it said.
“We recognise that today’s announcement will be a distressing development for many of our customers and we apologise unreservedly,” it said in a statement to the ASX.
“We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation.
“We will reimburse our customers who choose to replace their stolen ID document.”
The number of personal details involved in the Latitude attack now exceeds the 9.7 million customers compromised during Medibank cyber breach last October and a similar number in the Optus hack last September.
Cybersecurity expert Professor Nigel Phair of Monash University said customers of the group needed to be on high alert.
“Customers of Latitude Financial need to be extra vigilant and keep an eye on all accounts for any suspicious emails, text messages or transactions,” he said. “All online consumers need to be aware to guard their personal identities while operating in the online environment. This is getting harder as more and more organisations suffer data breaches, which open individuals up to greater vulnerabilities surrounding phishing and identity theft.”
Latitude said “to the best of our knowledge” there had been no suspicious activity on its systems since 16 March, shortly after it detected the data breach, when it originally reported that just 330,000 documents had been stolen. The company had taken many of its systems offline after the attack.
Latitude chief executive Ahmed Fahour urged customers to exercise caution and said the company would investigate how the breach occurred.
“We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts,” he said. “We will never contact customers requesting their passwords.
“We continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days.”
The company had set up dedicated contact centres for affected customers.
Comments powered by CComment