Security Experts:

Connect with us

Hi, what are you looking for?



Latitude Financial Services Data Breach Impacts 300,000 Customers

Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack.

Australian financial services company Latitude Financial Services is notifying roughly 300,000 customers that their personal information might have been compromised in a data breach.

A subsidiary of Deutsche Bank and KKE operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank lender of consumer credit in Australia, also offering services in New Zealand, under the brand Gem Finance.

On Thursday, the company disclosed falling victim to a cyberattack that forced it to suspend services and which also resulted in the theft of customer data.

“Latitude Financial has experienced a data theft as the result of what appears to be a sophisticated and malicious cyberattack,” Latitude says in a data breach notice.

The attackers, the company says, stole personal information held by two service providers, which served customers in both Australia and New Zealand.

According to Latitude, the malicious activity appears to have originated from one of its vendors, resulting in compromised employee login credentials that allowed the attackers to access personal information held by the two service providers.

The company says that the attackers stole roughly 100,000 identification documents from the first service provider. Most of these documents are copies of drivers’ licenses.

The attackers also exfiltrated approximately 225,000 customer records from the second service provider, but the company was not clear as to what type of personal information these records contain.

“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems,” the company notes in a notification to Australian Securities Exchange (AXS).

Latitude also says that it has sent notifications to all customers to warn them of the incident and that it will provide further information on the attack as its investigation advances.

The company also underlined that the cyberattack is causing outages that impact its ability to respond to customers.

Based on Latitude’s description of the incident, it’s possible that the company is dealing with a ransomware attack. 

Related: Data Breach at Independent Living Systems Impacts 4 Million Individuals

Related: Hawaii Health Department Says Death Records Compromised in Recent Data Breach

Related: Zoll Medical Data Breach Impacts 1 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...