Latitude Financial (ASX: LFS) has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack. The activity is believed to have originated from a major vendor used by Latitude.
While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.
The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.
As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licences, were stolen from the first service provider. Approximately 225,000 customer records were also stolen from the second service provider.
Latitude apologises to the impacted customers and is taking immediate steps to contact them. Further updates will be provided to the ASX and on Latitude’s website.
Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems. We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.
Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services.