NewsBite

Latitude confirms hackers’ ransom demand but says it won’t pay up

Latitude Financial Group has confirmed that hackers who stole the details of 14 million customers last month have demanded a ransom, but the company says it won’t pay up.

The consumer lender told shareholders on Tuesday it didn’t want to “reward criminal behaviour” and said its decision was consistent with the Australian government’s position.

About 7.9 million people had their driver’s licence details stolen, some 53,000 passport numbers were taken and 6.1 million other customer records dating back nearly 20 years were lifted in the hack.

Latitude, which provides consumer finance services to major retailers such as Harvey Norman and The Good Guys, said it didn’t believe paying a ransom would result in the return or destruction of the stolen data.

About 14 million customers are believed to have been affected by the Latitude hack. Picture: iStock

The company said it had sought advice from cybercrime experts before deciding that paying a ransom would be “detrimental” to its customers and encourage further cyber attacks across the community.

It did not detail how much was demanded or when the demand was made but it did say the stolen data the attackers detailed as part of their ransom threat was consistent with the number of affected customers.

“Latitude will not pay a ransom to criminals,” the company’s chief executive officer Bob Belan said.

“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”

Mr Belan said Latitude’s “priority” was contacting every customer whose personal information was compromised, which the company is still in the process of doing.

He said the company was working on safely restoring its regular business operations.

“I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers,” he said.

The company has said “to the best of our knowledge” there has been no suspicious activity inside Latitude’s systems since March 16.

Home Affairs Minister Clare O’Neil has confirmed Latitude’s decision not to pay a ransom is consistent with federal government advice. Picture: NCA NewsWire / Martin Ollman

The Australian Federal Police are investigating the data breach and Latitude has promised to work with the Australian Cyber Security Centre on its response.

The hack was the largest-known data breach of an Australian financial institution and follows massive cyber attacks at Medibank and Optus last year that compromised millions of customers’ personal information.

The separate attackers behind both of those hacks demanded ransoms.

The Medibank hackers leaked the data they stole onto the dark web after the health insurance giant refused to pay the ransom.

In Optus’ case, the person purporting to be behind the attack reportedly retracted their ransom threat.

Home Affairs and Cyber Security Minister Clare O’Neil confirmed Latitude’s decision not to pay a ransom was consistent with Australian government advice.

“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model,” she said.

“They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.”

Original URL: https://www.themercury.com.au/technology/latitude-confirms-hackers-ransom-demand-but-says-it-wont-pay-up/news-story/babee437c4645cd438e991cca41fc595