It seems like so long since a ‘yuge Australian company was hacked, doesn’t it? One would assume we left them in 2022, much like checkered rugs and fake Vivienne Westwood chokers? Well, it turns out cyberattacks are unfortunately still in vogue, and consumer lender Latitude Financial is the latest company to fall victim — and it’s a big one.
Per the Guardian, Latitude Financial — which buy now, pay later schemes to folks shopping at places such as JB Hi-Fi, David Jones, The Good Guys and Harvey Norman — revealed on Thursday that hackers stole the personal data of more than 300,000 customers.
The company told the ASX 103,000 identification documents — 97 per cent of which were driver’s licences — were stolen from one provider, and 225,000 customer records were nicked from a second service provider in the “sophisticated and malicious” cyberattack. It has not disclosed the names of the two service providers.
Latitude Financial said it had noticed some unusual activity on its systems “over the last few days”.
“While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated,” the company said.
“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”
UNSW cybersecurity expert Richard Buckland told the ABC the cyberattack was “very concerning” given how many pieces of identification you have to hand over to take out a loan. You practically need to jump through as many hoops as a Pomeranian at a dog show just to buy a washing machine.
“It’s precisely the information an attacker needs to take out a loan in your name: the information you use to take out a loan in your name,” he said.
Fkn yikes.
Latitude Financial said in its ASX announcement it was heaps soz for the data breach.
“Latitude apologises to the impacted customers and is taking immediate steps to contact them,” the company said.
“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems.”
The company said on its website that customers don’t need to do anything RN other than monitor their accounts for suspicious activity.
Latitude Financial is cooperating with the Australian Cyber Security Centre to get to the bottom of the cyberattack.
