Latitude Financial Refuses to Pay Ransom

A leading Australian lender has refused to pay online extorters demanding a ransom for the personal data they stole, which covers an estimated 14 million customers.

Latitude Financial CEO, Bob Belan, said in a statement today that paying the threat actors would bring no guarantees that they would destroy the data as promised.

“It would only encourage further extortion attempts on Australian and New Zealand businesses in the future,” he added.

Australian home affairs minister, Clare O’Neil, echoed the same sentiments in a tweet earlier today.

“Cyber-criminals cheat, lie and steal. Paying them only fuels the ransomware business model. They commit to undertaking actions in return for payment, but so often re-victimize companies and individuals,” she argued.

“Latitude’s decision is consistent with Australian government advice.”

A recent study from Trend Micro found that firms like Latitude Financial are now in the majority. Only an estimated 10% of victim organizations actually pay their extorters today, and because of the relatively small share, they’re usually forced to pay more per compromise than in years past, it found.

It also calculated, using AI tools, that companies that pay are effectively subsidising between six and 10 new attacks.

Latitude Financial originally claimed that a March breach had only resulted in the loss of around 100,000 identification documents and 225,000 customer records.

However, it was soon forced to recalculate these figures, admitting that the hackers had taken 7.9 million Australian and New Zealand driver’s licence numbers, plus 6.1 million records dating back to 2005, including names, addresses, telephone numbers and dates of birth.

It is still not clear which ransomware group was behind the attack, although a compromised employee credential is thought to have provided initial access into the network.

Latitude Financial is Australia’s largest non-bank lender, providing buy now, pay later (BNPL) services to many domestic retailers.