Introduction
Latitude Financial Services, an Australian finance company, has become the latest victim of a sophisticated cyber attack, which has seen the personal data of over 300,000 customers stolen. The company has confirmed that the breach affected both Australian and New Zealand driver’s license numbers, customer records, and passport numbers, with data dating back to 2005. In this article, we will take a closer look at the scale of the attack and the impact it has had on the company and its customers.
The Scope of the Attack
Latitude Financial Services has reported that the forensic review is still ongoing, but they have confirmed that 7.9 million Australian and New Zealand driver’s license numbers have been stolen. Of these, 3.2 million were from the last ten years, indicating the severity of the attack. In addition, 6.1 million customer records, including some of the customers’ names, addresses, phone numbers, and dates of birth, were also stolen. Shockingly, 97 percent of these records date back to before 2013 and even as far as 2005. More than 53,000 passport numbers were also compromised in the attack.
Impact on Customers
The Australian Passport Office has confirmed that people do not need to replace their passports due to the hack. However, Latitude Financial Services has offered to pay for the replacement of any stolen driver’s licenses. The company has also written to all customers, past, present, and applicants whose details were stolen, outlining what was taken and their plans for remediation.
Questions About Data Retention
The extent of the hack has raised serious questions about the data retention policies of Latitude Financial Services. Customers past and present are likely to wonder why the company still retained information about customers dating back to 2005.
Limited Financial Impact
Fortunately, the attack appears to have had limited financial impact. Only a small group of 100 customers had a monthly financial statement stolen from the system. However, the theft of personal data is still a major concern and can lead to identity theft, fraud, and other criminal activities.
Conclusion
Latitude Financial Services has become another victim of a sophisticated cyber attack, highlighting the increasing threat of cybercrime. While the financial impact of the hack is limited, the exposure of personal data is still a major concern for customers. The attack also raises questions about data retention policies and the need for greater cybersecurity measures.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.
