Geo-Specific , Incident & Breach Response , Security Operations
Australian Non-Bank Lender Discloses Hacks of Customer DataMore Than 300,000 Customers Affected by Breach at Latitude Financial Services
Australian personal lending provider Latitude Financial Services disclosed to regulators on Thursday hacking incidents affecting more than 300,000 consumers.
See Also: The CISO’s Guide to Incident Readiness & Response
The non-bank lender notified the Australian Stock Exchange that hackers had made off with copies of nearly 103,000 driver's licenses and an additional 225,000 "customer records." It said it had "detected unusual activity" on its systems "over the last few days." The hackers, it said, were "sophisticated."
The company suspended trading of shares on the stock exchange until Monday.
The hackers used employee login credentials - it's not clear if they were stolen or this was a credential stuffing attack - to gain access to the Latitude information held at two separate service providers, the company says.
Latitude products include credit cards and installment payment plans in conjunction with retailers. A consortium of investors, including KKR and Deutsche Bank, acquired the business from GE in 2015. The company went in public in 2021.
Clare O'Neil, minister for Home Affairs and cybersecurity, said the Australian Cyber Security Center is working with Latitude and relevant law enforcement agencies to respond to this cybersecurity incident.
"This incident is another reminder for everyone in the community to be vigilant about their personal cyber security," she said.
O'Neil has vowed to transform Australia into "the world’s most cyber-secure country by 2030" after a wave of data breaches buffeted the country during the second half of last year (see: Australia Aims to Be World's 'Most Cyber-Secure' Country ).