On a statutory basis, the company lost $116.3m in the six months to June 30, largely driven by higher costs and from the cyber attack. Cash profit fell 92 per cent to $7m, within the expectation the company had set in May when it flagged it was also unlikely to pay a dividend. Loss from continuing operations came in at $98.2m.

On Friday, it said cash profit in the second half is likely to be between $8m and $18m with full year guidance at $15m-$25m.

Lamenting the six months that have been “among the most challenging in Latitude’s history”, management said the two months before the cyber attack had seen higher volumes and margins were being managed with higher prices. But everything changed in March.

The attack, which compromised driver‘s licence numbers and other personal data of around 14 million Latitude customers, forced it to shut operations – including new account originations for its car and personal loan business, as well as its collections systems – for six weeks.

It also suffered from being unable to increase prices at a time funding costs were skyrocketing.

Volumes had recovered since June, and arrears were moderating. However, the attack has so far cost the company $76m in business disruption and customer remediation costs.

Latitude’s insurers have not taken responsibility for the event so far, but it says the claims assessment processes are “in their preliminary stages”.

Latitude shares are flat at $1.18 just before noon AEST, but the price is down 25 per cent from the year-ago period, and analysts warn that the cost of improving its systems could be another big hit to the bottom line.

Regulatory fines or the outcome of class actions currently being considered by two law firms, are also yet to be provided for.

Among a number of regulatory inquiries, the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) are jointly investigating how Latitude handled personal information and whether it took “reasonable steps” to destroy or de-identify personal data that was no longer required.

Chief executive Bob Belan, who succeeded Ahmed Fahour in April, said the first six months of 2023 “have been among the most challenging in Latitude’s history.”

“Latitude’s half year result reflect what has been a persistently difficult macro environment for financial services businesses and of course, the operational disruptions caused by the March cyber attack on our company,” he said.

“We have and will continue to work diligently to continuously review and enhance the security of our systems and importantly, accelerate the delivery of our refreshed strategy focused on improving the experience for our customers and elevating the financial performance in our core Pay and Money divisions.”

Citi analysts said the fact that volume had returned in June to be largely in line with the previous corresponding period after systems were offline for a long period was a positive.

“Repricing actions to recover the yield impact from rising rates, which were delayed during the cyber incident period, look to have resumed which will be positive for margins going forward,” the broker told clients in a note.

However Citi noted “question marks remain around the demand for personal credit, the retail environment into FY24 and any residual cyber impacts from a regulatory and cost perspective.”

More Coverage

Latitude attack wipes out profit, dividends

PAULINA DURAN

Latitude hackers make ransom demand

Catie McLeod

More related stories

Property

One out of the box: ‘It’s not flashy, but it’s special’

Art curator and designer Maryanne Fiore has creativity running through her veins. And it shows in her Perth home.

Read more

Wealth

Do we need a US-style retirement savings system?

The federal Opposition has mused about a US-style retirement plan for Australia but although self-managed super funds are far from perfect, do we really need America’s so-called 401(k)?

Read more