29 March 2023

Australian loan giant Latitude Financial says data breach impacted 14M customers


Australian loan giant Latitude Financial says data breach impacted 14M customers

Latitude Financial Services, Australia's biggest non-bank lender, has revealed that the extent of a data breach it suffered earlier this month is more significant than initially estimated.

The company initially reported that the number of impacted customers was 328,000, but now confirmed that the real number of affected individuals is 14 million, including customers, past customers and applicants across Australia and New Zealand.

In the incident, which took place on March 15, 2023, a threat actor stole an employee's login to breach two of the company's service providers holding Latitude's customer data. Following the attack Latitude shut down customer-facing services and launched an investigation to determine the full scope of the breach. Initially, the company said that the incident affected over 300,000 customer records, mostly driver’s licenses.

In an update posted on its website Latitude said that stolen data includes 7.9m Australian and New Zealand driver’s license numbers, 53,000 passport numbers, and financial statements, and around 6.1 million records dating back to at least 2005. The records include names, addresses, phone numbers and dates of birth.

The Australian Federal Police, which is investigating the breach, said that there’s no evidence so far that the stolen data was leaked online or put up for sale on dark web markets.

Back to the list

Latest Posts

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

The attackers exploited a bug in an Apache HTTP server to deliver the MgBot malware.
23 July 2024
New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

The attackers likely gained access through a vulnerability in an externally facing Mikrotik router.
23 July 2024
NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

The crackdown follows the arrest of one of the site's suspected admins earlier this month.
23 July 2024