An Australian non-bank lender by the name of Latitude Financial has disclosed that a cyber intrusion that occurred earlier this month on its systems was more comprehensive than was first believed.
On March 16, the firm made the first disclosure of the breach, indicating that personal information for around 330,000 individuals had been exposed. But, in an update provided to the Australian Stock Exchange, Latitude has now admitted that the personal information of up to 8 million individuals may have been taken.
It is thought that the hackers gained access to names, residences, dates of birth, telephone numbers, passport numbers, and in certain instances, monthly financial statements belonging to clients. The business has not yet completed its analysis of the quantity of duplicate records and is currently calculating the actual number of consumers who were impacted.
It is not yet possible to determine the entire extent of the breach’s effect on consumers, although it is anticipated that it will be severe.
Latitude has assured its clients that they would be compensated for the cost of replacing any lost or stolen identification papers. Passports that were compromised by the data hack may still be used normally, according to the Department of Foreign Affairs and Trade, which issued the confirmation.
According to an article published by ABC News, Latitude Financial on March 22 alerted some of its clients through email that more personal information had been stolen from them. The communication was issued to consumers after the firm discovered that the information of other customers had been stolen.
It said in the email:
We have determined that the following aspects of your personal information, including but not limited to those listed below, may have been exposed as a consequence of the event.
When you requested a quotation or applied for credit with Latitude, we asked for the aforementioned information from you so that we could confirm your identity and process your request.
Images of your driver’s license, including your picture, name, address, date of birth, license number, card number, and expiration date (if applicable).
The personal information that you provided during the application process or when you requested a quotation, which, depending on the context, may have included your complete name, address, date of birth, email address, and/or telephone number.
The identity verification procedure at Latitude requires a picture of your face, which you may provide in the form of a photograph.
Experts in cybersecurity have voiced their disapproval of Latitude’s practice of retaining past customer data stretching all the way back to 2005. Even if the storage of such data was mandated by law, the fact that it was done in the first place is “quite astonishing. By retaining such data for lengthy years, users were left open to the possibility of fraud and impersonation.
The Chief Executive Officer of Latitude, Ahmed Fahour, issued a “unreserved” apology for the data breach and promised to work with impacted consumers to reduce the danger to them and the inconvenience caused to their lives.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.