Latitude stops onboarding customers as disruption worsens

John Kavanagh

The Latitude Financial cyber attack is more extensive and sustained than first reported and has resulted in severe disruptions to the business.
 
Latitude reported on Thursday that it had detected “unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack”. 
 
It said the attacker appears to have used employee login credentials to steal information held by two of its service providers. Around 103,000 identification documents, mostly drivers’ licences, were stolen from one and 225,000 customer records from the other.
 
In an update yesterday, the company said a small number of passport numbers and Medicare numbers were also stolen.
 
Latitude said it is likely to uncover more stolen information from current and past Latitude customers and applicants.
 
Because the attack is ongoing Latitude has isolated some of its technology platforms. It is not onboarding new customers and is unable to service customers and merchant partners. It is continuing to provide transaction services.
 
It is not able to take calls from customers about the hack. It has put a series of request forms on its website as a stop-gap. It said it has started contacting all customers impacted by the hack.
 
It has extended the suspension of trading in its shares. It has engaged external cyber security experts and the Australian Federal Police is investigating the attack.