Latitude Financial Services Data Breach Impacts 300,000 Customers

Share This Post

Australian financial services company Latitude Financial Services is notifying roughly 300,000 customers that their personal information might have been compromised in a data breach.

A subsidiary of Deutsche Bank and KKE operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank lender of consumer credit in Australia, also offering services in New Zealand, under the brand Gem Finance.

On Thursday, the company disclosed falling victim to a cyberattack that forced it to suspend services and which also resulted in the theft of customer data.

“Latitude Financial has experienced a data theft as the result of what appears to be a sophisticated and malicious cyberattack,” Latitude says in a data breach notice.

The attackers, the company says, stole personal information held by two service providers, which served customers in both Australia and New Zealand.

According to Latitude, the malicious activity appears to have originated from one of its vendors, resulting in compromised employee login credentials that allowed the attackers to access personal information held by the two service providers.

The company says that the attackers stole roughly 100,000 identification documents from the first service provider. Most of these documents are copies of drivers’ licenses.

The attackers also exfiltrated approximately 225,000 customer records from the second service provider, but the company was not clear as to what type of personal information these records contain.

“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems,” the company notes in a notification to Australian Securities Exchange (AXS).

Latitude also says that it has sent notifications to all customers to warn them of the incident and that it will provide further information on the attack as its investigation advances.

The company also underlined that the cyberattack is causing outages that impact its ability to respond to customers.

Based on Latitude’s description of the incident, it’s possible that the company is dealing with a ransomware attack. 

Related: Data Breach at Independent Living Systems Impacts 4 Million Individuals

Related:Hawaii Health Department Says Death Records Compromised in Recent Data Breach

Related: Zoll Medical Data Breach Impacts 1 Million Individuals

SecurityWeek RSS Feed

Read More

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.
Article

BFU – Seeing is Believing

Oh no, the device is in BFU. This is the common reaction; a device needs extracting, and you find it in a BFU state. Often, there’s an assumption that a BFU extraction will only acquire basic information, but that isn’t always the case.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .