Latitude Financials Suffers a Data Breach

Update 28th March 2023

Latitude Financial has revealed that a cyber-attack announced earlier this month resulted in the theft of over 14 million customer records, including sensitive personal information.

The hackers took 7.9 million Australian and New Zealand driver’s licence numbers, 40% of which were submitted to the firm in the past 10 years. An additional 6.1 million records dating back to 2005 were also stolen, of which 94% were provided before 2013. However, many of these will still be valid, as they contain personal details such as name, address, telephone number and date of birth. Some 53,000 passport numbers were also stolen, as were the financial statements related to “less than 100 customers.”

Latitude Group Holdings, an Australian digital payment and loan handling firm, suffers a data breach, and the threat actor had obtained the personal information of around 328,000 clients from two service providers by using staff login credential

Around 103,000 identification documents were stolen from the first service provider, with over 97% of them being copies of drivers’ licenses, while approximately 225,000 client records were stolen from the second service provider.

Latitude Financial has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack. The activity is believed to have originated from a major vendor used by Latitude. While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.