Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

14 Million Records Stolen in Data Breach at Latitude Financial Services

Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack.

Australian financial services company Latitude Financial Services now says that roughly 14 million records were stolen in a cyberattack earlier this month.

The incident was disclosed in mid-March, when the company started notifying roughly 300,000 customers of a data breach impacting their personal information.

In an updated notification, the company this week announced that the incident, which has caused service disruptions, was bigger than initially determined.

Initially, the company said that the data breach occurred at two service providers. On March 16, however, the attackers compromised Latitude’s network, prompting the company to disconnect some systems to contain the incident.

“Once the attack was discovered, we took immediate and decisive action, including isolating systems, taking them offline to protect personal information. Unfortunately, this action continues to cause disruption to our services,” the company says.

The data breach resulted in the compromise of the personal information of current and past customers, and applicants in Australia and New Zealand, Latitude says.

The attackers stole roughly 7.9 million driver license numbers, including 3.2 million that were provided to the company over the past ten years. In addition, the attackers stole 6.1 million other records, including 5.7 million that were provided between (at least) 2005 and 2013.

Advertisement. Scroll to continue reading.

“These records include some but not all of the following personal information: name, address, telephone, date of birth,” the company says.

The attackers also exfiltrated roughly 53,000 passport numbers and monthly financial statements for less than 100 customers.

“We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation,” the company notes.

Latitude has not shared details on the type of cyberattack it fell victim to. The fact that it took systems offline to contain the incident, however, suggests that it may have been a ransomware attack.

Headquartered in Melbourne, Latitude is a subsidiary of Deutsche Bank and KKE and the largest non-bank lender of consumer credit in Australia. In New Zealand, the company offers financial services under the brand Gem Finance.

Related: GoAnywhere Zero-Day Attack Hits Major Orgs

Related: NBA Notifying Individuals of Data Breach at Mailing Services Provider

Related: Data Breach at Independent Living Systems Impacts 4 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Cybercrime

Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.