Latitude Financial has revealed that a cyber-attack announced earlier this month resulted in the theft of over 14 million customer records, including sensitive personal information.
The Melbourne-headquartered consumer lender said in a statement today that hackers took 7.9 million Australian and New Zealand driver’s licence numbers, 40% of which were submitted to the firm in the past 10 years.
An additional 6.1 million records dating back to 2005 were also stolen, of which 94% were provided before 2013. However, many of these will still be valid, as they contain personal details such as name, address, telephone number and date of birth.
Some 53,000 passport numbers were also stolen, as were the financial statements related to “less than 100 customers.”
Originally, Latitude Financial claimed the breach had resulted in the loss of only around 100,000 identification documents and 225,000 customer records.
Read more on Australian data breaches: Aussie Data Breaches Surge 489% in Q4 2022.
Although it claimed no suspicious activity has been observed since March 16, the firm will likely face a significant fall-out from the incident.
Customers are likely to be bombarded with convincing phishing attacks using the stolen data to obtain financial details, while scammers could also buy the information online to attempt identity fraud.
Latitude Financial CEO, Ahmed Fahour, described today’s news as “hugely disappointing” and apologized to affected customers.
"We are committed to working closely with impacted customers and applicants to minimize the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred,” he added.
“We urge all our customers to be vigilant and on the look-out for suspicious behavior relating to their accounts. We will never contact customers requesting their passwords.”
Attackers reportedly managed to obtain Latitude employee credentials to access the documents, although it’s not clear exactly how.
Latitude Financial is Australia’s largest non-bank lender and provides buy now, pay later (BNPL) services to a string of popular domestic retailers.