The major credit card and loan provider said a forensic review had found that the latest round of stolen information impacted customers (past and present) and applicants across Australia and New Zealand.

Despite more customer data being compromised, Latitude said that to the best of its knowledge, there had been no further attacks since March 16.

“We appreciate how frustrating this latest development will be for our customers and we unreservedly apologise,” Latitude said on Wednesday.

“Our focus remains firmly on containing this attack, progressing our forensic review of the actions taken by the attacker and restoring operational capability gradually over the coming days.”

The update comes as Latitude tumbled on its return to trading on the ASX, with shares down 7.1 per cent to $1.12.

Latitude, which is listed on the ASX with a market capitalisation of $1.1bn, finished the 2022 calendar year with 2.8 million customers across Australia and New Zealand. Merchant partners include Harvey Norman, Urban Republic and David Jones — which signed a credit card supply deal in January.

Latitude told the market on Monday that the “sophisticated, well-organised and malicious cyber-attack” had resulted in stolen information from 330,000 customers and applicants.

About 96 per cent of personal information stolen was copies of drivers’ licences including licence numbers, while less than 4 per cent was passport information and 1 per cent of Medicare numbers.

“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners,” Latitude said on Monday.

“We cannot restore this capability immediately, however we are working to do so gradually over the coming days and ask our customers for their continued patience. Our restoration of these services is aligned to our forensic review.”

Last Thursday, Latitude revealed the attack was believed to have originated from one of its major vendors.

The hack is the latest in a growing string of cyber attacks to hit corporate Australia in the past six months, with Medibank and Optus suffering major breaches.

Analysts say Latitude Financial could wear between $10m to $15m in costs associated with mitigation of the incident, based on the estimated cost of the Medibank Private breach late last year.

The company, which has credit card and buy now, pay later products, said that it would conduct all additional customers and applicants affected as soon as possible.

“Our focus remains firmly on containing this attack, progressing our forensic review of the actions taken by the attacker and restoring operational capability gradually over the coming days,” it said.

The cyber incident is the subject of an Australian Federal Police investigation. External cyber security experts, the Australian Cyber Security Centre and other relevant Government agencies are also working with Latitude.

Matt BellBusiness reporter

Matt Bell is a journalist and digital producer at The Australian and The Australian Business Network. Previously, he reported on the travel and insurance sectors for B2B audiences, and most recently covered property at The Daily Telegraph.

@RealMattBell

Matt Bell

More related stories

Markets

James Hardie waiver backlash spurs ASX review

ASX boss Helen Lofthouse says the market operator has listened to the concerns of aggrieved James Hardie shareholders over the company’s pursuit of Azek and a US listing.

Read more

Mining & Energy

Rio shareholders urged to vote for unification

UK hedge fund Palliser Capital is ramping up its campaign for Rio Tinto to abandon its London listing, challenging shareholders to consider rival BHP’s performance since it ditched dual listing.

Read more