Latitude Financial has revealed it has been hit by a sophisticated and malicious cyberattack that has compromised a total of 328,000 separate pieces of data that it had sourced from its customers.
The loans, credit card and insurance provider said it had detected unusual activity on its systems over the last few days that was believed to have originated from a major vendor used by Latitude.
The company said the attacker appeared to have used employee login credentials to steal personal information that was being held by two other of Latitude’s service providers.
In a statement to the ASX on Thursday morning, Latitude said approximately 103,000 identifications documents – 97% of which were drivers’ licences – were stolen from the first service provider, while 225,000 customer records were stolen from a second service provider.
“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data,” it said. “This includes isolating and removing access to some customer-facing and internal systems.”
Latitude said it was working with the Australian Cyber Security Centre and had alerted relevant law enforcement agencies and engaged several cybersecurity specialists to assist with a response.
“Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services.”
Latitude Financial’s merchant partners include Harvey Norman, Urban Republic and David Jones, according to The Australian, which reported the latter signed a credit card supply deal in January.
The Latitude cyberattack is the latest in a series of major cybersecurity breaches in Australia, with Optus and Medibank among those companies targeted.