In a trading update on Tuesday (11 April), Latitude Financial told investors it had received a ransom demand from the criminals behind the cyberattack on the company.
Latitude said it would not pay the ransom, a decision in line with the Australian government’s position.
The stolen data, which the attackers detailed as part of their ransom threat, matches the number of affected customers Latitude disclosed on March 27, 2023. The matter is being investigated by the Australian Federal Police and Latitude continues to work with the Australian Cyber Security Center and cyber security experts on its response.
The lender is currently in the process of contacting all customers, former customers and applicants whose information has been compromised, outlining details of information stolen, the support it is providing and its remediation plans.
“Latitude will not pay ransom to criminals,” said Latitude Financial CEO Bob Belan.
“Based on the evidence and advice, there is simply no guarantee that this will result in the destruction of any customer data and will only encourage further attempts to extort Australian and New Zealand businesses in the future,” he said.
“Our priority remains to contact every customer whose personal information has been compromised and support them in this process.” In parallel, our teams are focused on safely restoring our IT systems, returning staffing levels to full capacity, improving security protections and returning to normal operations.
“I personally and sincerely apologize for the distress caused by this cyberattack, and I hope that in time we will be able to regain the trust of our customers.”
Regular business operations are resuming, with Latitude’s main customer contact center back online and operating at full capacity. Customers can also access the Services through Latitude’s website and mobile app.
The creation of new customers has also been restored.
The major cyberattack was first revealed via a trading update on March 16. Since then, Latitude has revealed that around 7.9 million driver’s license numbers and hundreds of thousands of passport numbers have been stolen.
An estimated 6.1 million records dating back to 2005 were also stolen, and about 94 percent of those records were provided before 2013.
These records include “some, but not all” personal information: name, address, telephone and date of birth.
Also last month, NGS Super warned customers of a cyber attack, with the industry super fund confirming at the time that some of its systems had been accessed by an attacker for a short period of time.
