September 22, 2023

Update 28th March 2023

Latitude Financial has revealed that a cyber-attack announced earlier this month resulted in the theft of over 14 million customer records, including sensitive personal information.

The hackers took 7.9 million Australian and New Zealand driver’s licence numbers, 40% of which were submitted to the firm in the past 10 years. An additional 6.1 million records dating back to 2005 were also stolen, of which 94% were provided before 2013. However, many of these will still be valid, as they contain personal details such as name, address, telephone number and date of birth. Some 53,000 passport numbers were also stolen, as were the financial statements related to “less than 100 customers.”

Latitude Group Holdings, an Australian digital payment and loan handling firm, suffers a data breach, and the threat actor had obtained the personal information of around 328,000 clients from two service providers by using staff login credential

Around 103,000 identification documents were stolen from the first service provider, with over 97% of them being copies of drivers’ licenses, while approximately 225,000 client records were stolen from the second service provider.

Latitude Financial has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack. The activity is believed to have originated from a major vendor used by Latitude. While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.


We apologize to any customers directly impacted and will be contacting them directly. The attacker appears to have stolen personal information that was held by two service providers. Currently collaborating with the Australian Cyber Security Center and necessary authorities to investigate the incident.

Latitude Financial Statement

Latitude, which offers consumer finance services to major Australian retailers like Harvey Norman and JB Hi-Fi has stated that it is working to manage the situation and prevent further loss of customer data.

The incident follows those of Medibank and Optus, which exposed the personal information of 9.7 million and 2 million Australians, respectively, in October last year.

Leave a Reply

%d bloggers like this: