In an announcement to the ASX, the firm said it had identified approximately 7.9 million Australian and New Zealand driver's licence numbers that have been stolen, while a further 6.1 million records dating back to at least 2005 have also been obtained by the hackers.

From the 7.9 million driver’s licences exposed, approximately 3.2 million or 40 per cent were provided in the past 10 years.

“In addition, approximately 53,000 passport numbers were stolen,” Latitude said.

“We have also identified less than 100 customers who had a monthly financial statement stolen.”

The 6.1 million records stolen dated back to at least 2005, revealed the company, of which approximately 5.7 million or 94 per cent were provided before 2013.

“These records include some but not all of the following personal information: name, address, telephone, date of birth,” the company added.

This means a number of former customers will have been impacted by the hack.

Latitude offers credit cards, personal loans and other forms of finance including for customers of Harvey Norman, JB Hi-Fi, David Jones and The Good Guys.

No David Jones customer data had been compromised because the retailer will not transition to the Latitude card program until 2024, according to a spokesperson.

The non-bank had previously reported just 330,000 customer details had been sotlen – well below the 14 million now revealed.

Last week it said Medicare numbers and “copies of passports or passport numbers” were included in the theft of personal information affecting approximately 333,000 customers and applicants.

Previously the firm had only confirmed drivers’ licences as being taken.

Latitude said it would reimburse customers who choose to replace their stolen ID document and said it maintains insurance policies to covers risks, including cyber security incidents, and as a result it had informed its insurers.

“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” said Latitude Financial CEO Ahmed Fahour.

“We are committed to working closely with impacted customers and applicants to minimise risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred.

“We urge all our customers to be vigilant and on the lookout for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords.

“We continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days.”

The company had previously said it was still trying to contain the “malicious” attack but in its latest update to the market it said the to the best of its knowledge no suspicious activity had been observed in its systems since Thursday, 16 March.

It comes after angry customers lashed out at the financial services provider, as millions remain in the dark on whether they have been impacted.

Other Australians had revealed they cannot access their funds and are unable to get in touch with Latitude to help them.

Latitude first unveiled it had been attacked when it reported it had noticed “unusual activity” on its systems in the last couple of days.

When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.

However, unfortunately, by then it was too late.

More Coverage

Hidden hacking danger in your old laptop

Eli Green

Cruel scam targeting desperate renters

Jasmine Kazlauskas

They were unable to isolate the incident as employee login credentials had already been stolen.

It comes just months after Optus and Medibank had the details of millions of customers stolen in two separate sophisticated cyber attacks that descended into ransom demands which were not paid.

The Latitude attack is now bigger than the one that impacted Optus, which saw 9.8 million customers data stolen from the telco.