This was published 1 year ago
Latitude reveals hit from cyberattack, warns bad debts rising
Consumer finance business Latitude Group is likely to scrap its first-half dividend and report a loss of up to $105 million, as it bears the brunt of rising bad debts and fallout from a crippling cyberattack that compromised the personal information of 7.9 million people.
Latitude issued a profit warning on Friday and revealed the hit it would take from a March cyberattack, which exposed personal details of customers sourced from retailers such as Harvey Norman, JB Hi-Fi, Coles and Apple.
In a sign of the attack’s broad impact across the company, Latitude said it had been forced to stop, or severely restrict, opening new accounts for about five weeks. The company was also unable to contact customers who had not paid their bills during this period because key systems were shut down.
While regular commercial operations have been restored, Latitude said it would make less income and it would take higher provisions for bad debts, because the shutdown in its collections area had worsened a trend towards rising bad debts.
The company, which has been led by chief executive Bob Belan since April, also flagged a $46 million after-tax provision, mainly to cover the customer remediation costs, such as the cost to customers of replacing their driver’s licences. This provision does not include any possible costs the company could face from class actions, fines, or future upgrades to its systems.
All up, the company forecast a first-half statutory loss of $95 million to $105 million, and expected a statutory loss over the full year.
“Due to the forecast statutory after-tax loss, it is unlikely that Latitude will declare a dividend for the six months to June 30, 2023,” the company said.
Chief investment officer at Atlas Funds Management Hugh Dive said despite the costs from the cyberattack, he thought the more concerning aspect of Latitude’s update was the rise in bad debts. “What that’s telling me is that unsecured credit is in a bit of trouble,” Dive said.
Latitude shares fell 4.2 per cent to $1.24.
Latitude said cash net profit after tax – a less volatile measure than statutory profit – would be $5 million to $10 million in the first half.
The attack on Latitude was one of several recent hacks of large consumer-facing Australian businesses, with Optus and Medibank Private also wearing heavy financial costs from major cyberattacks last year.
The cyberattack on Latitude resulted in hackers gaining access to the driver’s licence numbers of about 7.9 million people who were customers, past customers or had applied to be customers of Latitude.
The company said hackers – who had unsuccessfully demanded a ransom payment – had also gained access to personal details such as people’s names, addresses, telephone numbers and dates of birth.
The mass breach has sparked a landmark investigation by the Australian and New Zealand privacy commissioners, which will look at whether the company took reasonable steps to protect the personal information it held. Class action law firms are also mulling potential legal action against Latitude.
Latitude said its response to the attack included taking its information platforms offline; resetting passwords across the group; contacting all affected customers; working with Australian authorities and bringing in external cyber experts to work alongside its own teams. It said there had been no suspicious activity on its systems since March 16.
Separately, shares in consumer finance group Humm dropped 8 per cent to 39¢ on Friday, after it said the corporate cop made an interim order that stops Humm from signing up new buy now, pay later customers until its concerns are addressed.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
correction
An earlier version of this story incorrectly stated that hackers had successfully demanded a ransom payment from Latitude.