More than 300,000 customers' data stolen in Latitude Financial cyberattack

Both Aussie and Kiwi customers impacted

More than 300,000 customers' data stolen in Latitude Financial cyberattack

The cyber attack on Latitude Financial may have exposed the data of more than 300,000 customers across New Zealand and Australia.

The Melbourne-based Australian finance company operated Genoapay, Gem Visa, and GO Mastercard as well as 28° Global, Infinity Rewards, and Low Rate credit cards, Latitude personal loans and vehicle loans.

In an announcement to the Australian share market, Latitude Financial said the attacker appeared to have stolen personal information that was held by two of its service providers, affecting customers across both Australia and New Zealand, Stuff reported.

One service provider had about 103,000 identification documents stolen, more than 97% of which were copies of drivers’ licenses. From the other service provider, about 225,000 customer records were stolen.

Latitude apologised to customers, especially those who were affected.

“Please be assured we will contact you directly if your personal information has been disclosed,” said Andrew Walduck (pictured above), Latitude Financial chief operating officer, in an email to customers.

“We are working with the relevant authorities and have engaged cybersecurity specialists as we continue to do everything in our power to contain the attack.”

Walduck said Genoapay can still be used until its planned closure on April 11 and customers should have confidence in using it.

“Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available,” he said.

Latitude said a major lender it used was targeted in the cyberattack. But despite quick action from the company, the attacker was able to get Latitude employee login credentials before the incident was isolated.

“The attacker appears to have used the employee login credentials´╗┐ to steal personal information that was held by two other service providers,” it said.

It was in a trading halt until today.

The Privacy Commission was notified of the breach on Thursday, a spokesperson said.

“We are working with them as they seek to understand the size and scope of the breach,” he told Stuff. “Our focus in these early stages is to provide agencies who have experienced a breach with advice on how to minimise the harm caused by the breach on the individuals impacted.”

Use the comment section below to tell us how you felt about this story.