328,000 IDs feared stolen in ‘sophisticated’ Latitude Financial hack

Consumer finance provider Latitude Financial said it has been the victim of a hacking incident and believes identification documents of 328,000 customers were stolen, including the driver’s licence details of about 100,000 customers.

Latitude provides consumer finance services to Harvey Norman, JB Hi-Fi, The Good Guys, Apple and recently signed up David Jones. The company declined to say if consumers who are using financing from these companies are impacted.

“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the company said in a statement to the ASX.

Latitude has drawn criticism from experts on the breach of its systems. “Here is another case of credential theft after Medibank incident. It’s time for the Australian companies to think hard about password and identity management,” Dr Jabed Chowdhury, a lecturer at La Trobe University’s Cyber Security Program, said.

“Two steps even three steps password protection mechanism is the need of the time.”

Latitude said the details were stolen from service providers it uses. The company did not clarify further, but this is believed to refer to companies that provide corporate services to Latitude.

The company said it was continuing to respond to what it describes as a malicious and sophisticated cyberattack and has removed access to some customer-facing and internal systems.

Unusual activity was noticed on its network earlier this week, originating from a major vendor it uses.

“While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated,” it said.

“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”

Latitude is working with the Australian Cyber Security Centre (ACSC) and said it had alerted relevant law enforcement agencies.

Cyber Security Minister Clare O’Neil said she welcomed Latitude’s cooperative approach with the ACSC and regulators to minimise the damage resulting from this incident.

“This incident is another reminder for everyone in the community to be vigilant about their personal cybersecurity,” she said.

Latitude has been placed into a trading halt until a further update is released about the hack attack in coming days. The stock last traded at $1.20. Investors paid $2.60 for shares when it listed on the ASX less than two years ago.

Analysts are already expecting that the incident will trigger a multi-million dollar bill, but the longer-term damage is harder to assess.

“Longer term, the impact on the business is more difficult to gauge, as it is unclear presently what the extent of the incident will be and how much franchise damage that will cause,” Citi analyst Thomas Strong said in a note to clients.

The attack follows recent major cyberattacks at Optus and Medibank.

Optus was the victim of a major cyber breach in September, with hackers obtaining the data of 10 million of its customers.

The breach will cost Optus at least $140 million, including replacing hacked identity documents, complimentary subscriptions to credit monitor Equifax and an independent report commissioned by Deloitte. The telco is also being investigated by Australia’s privacy and telecommunications watchdogs.

Medibank’s incident in October was more serious, with criminals accessing basic account details of 9.7 million current and former customers as well as health claims data for about 160,000 Medibank customers, 300,000 customers of its budget arm, ahm, and 20,000 international customers.

The hackers began leaking some stolen data onto the dark web and Medibank lost $2 billion from its market valuation at the height of the crisis. It still faces lawsuits and an investigation by the Office of the Australian Information Commissioner over its handling of the incident.
