On Thursday morning, the ASX-listed lending company revealed that the details of 328,000 customers had been breached in a “sophisticated and malicious cyber attack”.

Of those, 100,000 customers are expected to have had their drivers’ licence compromised.

Latitude has more than 2.7 million customers across Australia and New Zealand.

News.com.au knows of two people with money that has been drained in a hack, making them suspect they are one of the people caught up in the breach.

Two other Australians cannot access their funds and are unable to get in touch with Latitude to help them.

Jim*, in his mid-60s from the NSW Central Coast, told news.com.au he noticed an unauthorised transaction last month, on February 18, for $500.

The Latitude team quickly cancelled his card and issued him with a new one.

But last week, on March 10, another unauthorised transaction was carried out — despite him not having yet used the card.

“I did ask the question if there was a data breach and was assured not to worry everything will be fine,” he said.

“But how else would I be hacked the first time, then details of a brand new unused card have the same thing happen two or three days at most after being activated?

“This is the first time in over 20 years as a customer (that) there has been a problem.”

Another customer says he has made more than 150 calls to Latitude in the past 30 hours with no answer, after noticing a hacker had used his credit card, spending more than $1500.

He believes his details have been stolen, saying: “The most frightening thing is that while I am still trying unfruitful attempts to talk to Latitude the hacker is using my card. He/she has already made purchases over $1500.”

Unfortunately, the Latitude website is experiencing disruptions to its customer service helplines, making it hard for customers to get help.

“Latitude is responding to a cyber-attack that has resulted in the theft of some customer data. We are currently experiencing disruption to services while we work to contain the attack and we apologise for the inconvenience. For further information and updates please visit our [dedicated help page],” it reads.

Two other customers claim they have been frozen out of their accounts and they can’t get anyone from Latitude to un-freeze them.

“I have not been able to make a payment on my credit card for the past week,” one woman told news.com.au. “I have attempted to make payments through BPAY and direct debit. Despite having sufficient funds to pay the account, no payments have been processed successfully. Once again Latitude has not provided any information regarding this issue.”

Another added: “I am unable to access any of my statements through both the app and the browser portal.

“I obviously can‘t get in touch with the contact centre so am pretty much exclusively relying on information obtained by the media.”

Customers were also annoyed at having to learn about the breach through the media, rather than being notified first over email.

“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” Latitude said when it announced the cyber attack to the ASX in a statement.

It took several hours for Latitude to notify all its customers of the cyber security breach, and they are still yet to pinpoint and warn the 300,000 people with details that have been compromised.

Latitude was also still sending out promotional emails while customers waited to be officially informed of the hack.

“The marketing team from latitude don’t seem to have a problem sending emails,” one customer quipped to news.com.au.

News.com.au contacted Latitude for additional comment.

On Thursday, Latitude said it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

However, unfortunately, by then it was too late.

They were unable to isolate the incident as employee login credentials had already been stolen.

The hacker was then able to use those credentials to steal more information from two other service providers.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider,” a company spokesperson said.

“Approximately 225,000 customer records were also stolen from the second service provider.”

They said the hack originated from a major vendor that Latitude uses. The vendor was not named.

Latitude is now working with police and the Australian Cyber Security Centre to investigate the incident.

It comes just months after Optus and Medibank lost the details of millions of customers in two sophisticated and separate cyber attacks that descended into ransom demands which were not paid.

More Coverage

150 calls in 30 hours to hacked firm

Alex Turner-Cohen

One person who contacted news.com.au had been involved in the Optus and Medibank breaches, and is also a customer at Latitude. They are waiting with bated breath to see if they are one of the affected customers.

*Name withheld for privacy reasons

alex.turner-cohen@news.com.au