Latitude cyber attack: Passport copies stolen, historical customers affected, trading suspended
Latitude Financial has confirmed a cyber attack in which 330,000 identification documents were stolen has affected historical customers.
Latitude Financial has confirmed a cyber attack in which almost 330,000 identification documents were stolen, has affected historical customers – and a number of copies of passports and Medicare cards have been exposed.
The attack has resulted in the theft of about 315,000 copies of driver's licences being stolen, about 10,000 copies of passports and about 3000 copies of Medicare numbers, according to an update by the company.
The hack is still active, according to Latitude’s early investigation and the incident is the subject of an Australian Federal Police investigation.
Chief executive Ahmed Fahour said Latitude had no choice but to shut down a number of services affecting merchants and customers to mitigate further risk, and only a limited number of transactions would still be able to be processed
“While we continue to deliver transactional services, some functionality has been affected resulting in disruption,” Mr Fahour said.
“We are working extremely hard to restore full services to our customers and merchant partners, and thank them for their patience and support.”
Mr Fahour said he understood the “frustration” the incident has caused, and apologised to affected parties.
“I sincerely apologise to our customers and partners for the distress and inconvenience this criminal act has caused. I understand fully the wider concern that this cyber attack has created within the community,” he said.
“Our focus is on protecting the ongoing security of our customers, partners and employees’ personal and identity information, while also doing everything we can to support customers and applicants who have had information stolen.”
On Monday, trading of Latitude shares were suspended although a trading halt imposed had been set to lift. The suspension is in place until at least Wednesday.
The company confirmed that it was “likely” there more victims of the hack, and that applicants, not necessarilly customers, had also been affected.
“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” a company statement read.
The Australian newspaper in January revealed corporate customers who had inquired but did not purchase Medibank private had similarly been caught up in the breach.
Customers have started receiving correspondence from the company which will confirm which of their details were stolen.
Not-for-profit IDCARE has also been engaged to provide assistance to customers and an in-house contact centre was set up to provide customer support.
Once the investigation has been completed, Latitude said it would commence a review of the incident.
The company said it was still assessing associated costs of the breach and that it “maintains” insurance policies which cover incidents including cyber risks.
This comes after Citi analysts Thomas Strong last week estimated that Latitude could wear as much anywhere between $10 to $15m in costs, based on Medibank’s own expected breach costs.
“While it is obviously difficult to compare on a comparable basis, short-term costs of $10m to $15m could be a reasonable estimate based on the respective size of the businesses and customer bases, but could be mitigated by cyber insurance,” he said.
Latitude shares last traded at $1.20 prior to the trading halt and suspension, a value less than half of when they first listed for $2.60 in April, 2021.
Meanwhile on Monday, the FBI announced it had arrested the person allegedly behind the BreachForums dark web forum, that hosted stolen personal data from millions of Medibank and Optus customers.
Conor Brian Fitzpatrick, known by his BreachForums online handle “Pompompurin” was arrested at his New York home last week, according to court filings reported first by cyber security blog KrebsonSecurity.
BreachForums hosted data from the mass Medibank and Optus data breaches, which each impacted millions of Australian customers late last year. Culprits have yet to be identified in either of those incidents, but the AFP has said a Russian hacking group was responsible for the Medibank hack.
The high-profile data breaches led to a change in Australia’s cyber security strategy, including ambitions for Australia to be the most “cyber secure nation by 2030”.
More Coverage
‘No answers yet’ for Trump’s looming China trade war
Belkin boss Steve Malony has ‘a lot of questions’ about what Donald Trump’s plan to impose tariffs on foreign tech hardware will mean for supply chains and manufacturing in the US.
‘Dark MAGA’ rising: Trump victory a golden age for Elon Musk
Elon Musk said he voted for Joe Biden in 2020. But his discontentment with the state of US politics has been brewing for years, as Donald Trump brands him a ‘super genius’ who ‘we have to protect’.