Latitude Financial, an Australian non-banking lending firm, recently reported that cybercriminals leaked the personal data of approximately 14 million of its customers, marking Australia’s largest data breach to date.
Following the Latitude Financial data breach, the firm initially disclosed that the cyber attack affected the data of 330,000 customers but later revised the number to 14 million.
The stolen information includes driver’s license numbers of customers from Australia and New Zealand, with current and former customers dating back over a decade, and applicants for its consumer credit services among the victims.
The stolen data consists of 7.9 million Australian and New Zealand driver’s license numbers, 53,000 passport numbers, and 6.1 million customer records.
The latter includes personal details such as names, addresses, phone numbers, and dates of birth, with 5.7 million provided before 2013.
Latitude confirmed that it is working with the Australian Cyber Security Centre and the Australian Federal Police, and that it has not detected any cyberattack since March 16.
Latitude Financial data breach puts customers’ information at risk
The breach raises concerns about data storage practices and why companies hold onto old customer records.
Consumer lenders, like Latitude, use many identification documents in their credit-checking process, which contain unique identifiers that can open customers up to identity theft.
Cybersecurity Minister Clare O’Neil expressed concerns about the scale of information theft and ordered the National Coordination Mechanism (NCM) to support government agencies in response to the attack.
The Australian government is currently considering mandatory reporting of data breaches by companies to reduce the risk of cyberattacks.
The company says, “approximately 53,000 passport numbers were stolen.”, and “a further approximately 6.1 million records dating back to at least 2005 were also stolen, of which approximately 5.7 million, or 94%, were provided before 2013,” as reported by EFTM.
The personal information contained in these records is limited to certain data points such as name, address, telephone number, and date of birth. However, not all personal information may have been compromised.
Regarding financial information, Latitude has confirmed that fewer than 100 customers had their monthly financial statements stolen.
The company has assured affected customers that they will be reimbursed for any expenses incurred in replacing their stolen ID documents.
Customers are encouraged to contact Latitude as soon as possible and may want to consider implementing a credit freeze and regularly monitoring their credit history to prevent further unauthorized activity.