Australian firm Latitude Financial said Tuesday it refused to pay a ransom to hackers who stole millions of records in one of the country’s biggest data heists.
The consumer lending company, which offers loans and credit cards, said last month that hackers had stolen the personal records of around 14 million Australian and New Zealand customers.
Latitude Financial said it had recently received a ransom threat from the group behind the cyber attack, which it was ignoring in line with government advice.
“We will not reward criminal behavior, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen,” it said in a statement to the Australian Stock Exchange.
Paying the ransom “would only encourage further extortion attempts”, the company added, without detailing the hackers’ demands.
The stolen data includes 7.9 million Australian and New Zealand driving licenses and 53,000 passport numbers.
Another 6.1 million records dating back to at least 2005 with information such as names, addresses, telephone numbers and dates of birth were also stolen.
Home Affairs Minister Clare O’Neil, who has previously described predatory hackers as “scummy criminals”, said giving in to extortion “only fuels the ransomware business model”.
“They commit to undertaking actions in return for payment, but so often re-victimize companies and individuals.”
In recent months, hackers have preyed on some of Australia’s biggest companies in a string of separate attacks that have put authorities on high alert.
Russian hackers were blamed for accessing millions of medical records at Medibank, Australia’s largest private health insurer, in an unsuccessful extortion attempt in November last year.
Telecom company Optus fell victim to a similarly massive data breach in September, during which the personal details of up to 9.8 million people were accessed.
