On March 16, Latitude Financial, an ASX-listed entity, announced a trading halt following a “sophisticated and malicious cyberattack” that resulted in the theft of some customer data. The company said that the attacker used employee login credentials to obtain personal information that was held by two service providers. Hackers obtained 225,000 customer records from one vendor and approximately 103,000 identity documents, mostly copies of driver’s licences, from the other vendor.
Latitude Financial did not identify the vendors, but it stated that hackers accessed the data using employee login credentials. The company detected unusual activity on its systems earlier in the week and took immediate action, but hackers obtained the data before the measures could be implemented. Latitude Financial is a digital payments, instalments, and lending business with 2.8 million customers in Australia.
The attack is the highest profile and potentially the most damaging since the Optus and Medibank Private data breaches in 2022. The company is working with relevant authorities and has engaged cyber security specialists to contain the attack.