Latitude had to close new account originations and its collections systems for five weeks following the cyber attack in March, which compromised driver’s license numbers and other personal data of around 14 million customers.

The resulting lost income and higher credit losses would result in it posting interim cash profit, a preferred profitability measure by investors, in the range of $5m to $10m, compared to the $60m it reported in the previous half and the $91m notched up a year earlier.

“It is unlikely that Latitude will declare a dividend for the six months to 30 June 2023,” the company said in a statement.

Investors had expected the attack would have a relatively modest impact on Latitudes financials, with shares plunging as much as 9.65 per cent to $1.17 following the announcement on Friday. They partially recovered to close 3.47 per cent lower at $1.25. 

Latitude said it had set aside $53m to cover expenses related to the cyber incident. Although it said the exact cost is still uncertain and there were “many unknowns”. The cost provision would be taken in the first half of the year and includes both $7m of costs and a $46m after-tax provision for remediation expenses. That still didn’t factor potential fines, legal action, future system improvements or insurance benefits.

Macquarie analysts told clients on Friday evening the provision for remediation was a “positive move to proactively manage the incident” but said that until fines and litigation costs are incorporated, the share price would continue to have “a valuation overhang”.

Citigroup analysts last month estimated Latitude likely needed a “significant” technology upgrade that could cost about $40m, while any fine and short term cost would be “somewhat” covered by insurance. The broker said it expected latitude would be forced to halt dividends for the next 12 months.

“We think Latitude Financial would zero the dividend over a 12-month period given the need to reinvest in the business and focus on supporting growth while the earnings are arguably at a cyclical low,” the broker wrote on April 19.

Incoming chief executive Bob Belan last month apologised to the millions of customers who had their data stolen in the attack that eclipsed last year’s high-profile hacks on Medibank and Optus.

The hackers helped themselves to a raft of highly personal information from Latitude’s customers, including copies of their drivers licences, passports and Medicare numbers – the key ingredients for identity theft and fraud.

Mr Belan said the company would reimburse customers if they chose to replace their licence. He urged customers to contact one of Australia’s credit reporting agencies to check if their identity has been stolen and used to obtain credit.

On Friday, Latitude said it would“continue to provide dedicated support via a comprehensive customer care program, including an offer to reimburse the cost of replacement identity documents, hardship assistance for customers who are in a uniquely vulnerable position as a result of the cyber-attack, mental health and wellbeing support and specialist advice via not-for-profit ID Care.”

The cyber attack remains under investigation by the Australian Federal Police with “extensive” further inquiries from regulators expected over the coming months, it said.

Latitude said it expected first-half lending volumes to fall to between $3.3bn to $3.6bn, compared to $3.7bn a year earlier, while provisions for loan losses would jump to about 4.2 per cent, from 3.75 per cent in December.

More related stories

Financial Services

No surrender: Wilson-Bolton war in its final stages

The long-running conflict between Geoff Wilson and Nick Bolton must be among the most expensive and consuming in Australian financial services in recent decades.

Read more

Economics

Keep up: How CEOs are navigating the Trump frenzy

Some of Donald Trump’s biggest calls are sending financial as well as strategic shockwaves through business. And they’re all unfolding in real time.

Read more