In an update to the ASX on Monday, the non-bank lender confirmed that Medicare numbers and “copies of passports or passport numbers” were included in the theft of personal information affecting approximately 333,000 customers and applicants.

Latitude said of the stolen information, approximately 96 per cent was “copies of drivers’ licences or driver licence numbers”, “less than 4 per cent was copies of passports or passport numbers” and “less than 1 per cent was Medicare numbers”.

Previously the firm had only confirmed drivers’ licences as being taken.

But Latitude warned that those numbers were likely to grow.

“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners,” the statement said.

“In conjunction with our cybersecurity experts, we are continuing our forensic review of our IT platforms to identify the full extent of the theft of customer information as a result of the attack on Latitude.

“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants.”

Latitude said from today it would begin contacting people who had so far been affected.

It comes after angry customers lashed out at the financial services provider, as millions remain in the dark on whether they have been impacted.

Chillingly, the company revealed on Friday that is was still trying to contain the attack.

Latitude, which offers credit cards, personal loans and other forms of finance including for customers of Harvey Norman, JB Hi-Fi, David Jones and The Good Guys, revealed on Thursday to the ASX that it had been targeted in a “sophisticated and malicious cyber attack”.

Yet, desperate customers have been unable to find out any information with its call centres and some online services shut down at the time.

Many have been highly critical that news of the hacking was only revealed via media reports and that it had also taken two days for the company to communicate directly with customers after they finally received an email late on Friday.

However, they are still none the wiser as to whether their identity documents have been leaked.

Latitude’s chief operating officer Andrew Walduck previously said in the email that the company was working with the relevant authorities and have engaged cyber security specialists “as we continue to do everything in our power to contain the attack”.

“As of today, we understand that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licenses, were stolen from one service provider,” he said.

“Approximately 225,000 customer records were stolen from a second service provider. Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.”

But frustrated customers have hit out at Latitude’s handling of the hacking describing it as “pathetic” and “disgusting”.

“How long will it take to find out if I am affected? If my details have been stolen I’d like to know now. Identity theft and/or financial ruin due to your lack of security and saving items such as my drivers licence is not okay,” one woman wrote on social media.

“We need more information asap,” one woman pleaded. “Do we need to change our licences, change our bank accounts? As this has been happening lots what have you done with your cyber security? As a ex Security officer this is a major huge breach and should not happen. Someone dropped the ball big time.”

“So customers have potentially had their details stolen, nobody knows exactly which details, yet there’s no way for us to lock our cards/accounts, or change passwords, because you’ve shut down the Service Centre? Great move Latitude **slow clap**,” one man said.

Others were highly critical that Latitude had not contacted them directly to inform them of the breach and they had only discovered it via the media.

“It’s pathetic customers find out from the media about a data breach when it should’ve been yourselves notifying customers if they are impacted & how badly they’ve been impacted due to your negligence,” another added.

“This is really poor behaviour. Cutting off your service centres and giving people virtually no avenue to seek more information about what is going on. I had to find out from the media – no notice to all customers. This is absolutely disgraceful,” one man fumed.

Other Australians have revealed they cannot access their funds and are unable to get in touch with Latitude to help them.

However, Mr Walduck added in his email on Friday night that its “services remain available and you should have confidence in using them”.

“Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available,” he said.

Latitude has more than 2.7 million customers across Australia and New Zealand.

One customer told news.com.au he had made more than 150 calls to Latitude in 30 hours with no answer, after noticing a hacker had used his card, spending more than $1500.

Latitude said it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

More Coverage

‘No access to funds’: Aussies screwed over

Alex Turner-Cohen

150 calls in 30 hours to hacked firm

Alex Turner-Cohen

However, unfortunately, by then it was too late.

They were unable to isolate the incident as employee login credentials had already been stolen.

It comes just months after Optus and Medibank had the details of millions of customers stolen in two separate sophisticated cyber attacks that descended into ransom demands which were not paid.