Australian non-bank lender Latitude Financial recently revealed that it had been the victim of a cyber attack that exposed the personal information of approximately 330,000 past and present customers. Since the initial announcement, the scope of the breach has expanded, with the company confirming that driver’s licenses, passports, and Medicare numbers were among the data stolen. The company warned that the number of affected customers might increase, and some of its systems remain shut down as a precaution.
Latitude Financial offers short-term loans, credit cards, travel cards, and buy now pay later services with major retailers, including Apple, Harvey Norman, and JB Hi-Fi. The company’s call centre is offline due to ongoing security risks after the hack, which has further upset customers. Some customers have also criticised the company for not telling them sooner what sort of data had been breached or if their information had been compromised.
The situation is “even more concerning” because the cyber-attack remained active, according to the UNSW Institute for Cybersecurity’s Associate Professor Rob Nicholls. This raises the possibility of a hybrid attack that is both ransom and theft. “If the intruders are still in the system, they have an opportunity to encrypt files.” The incident follows well-publicised breaches on telco Optus and private health insurer Medibank. Medibank customers’ data was posted to the dark web last year after the insurer refused to pay a ransom to a Russian-linked entity for its stolen data.
Earlier the federal government supported companies’ choice of not paying ransoms, and declared its intention to revamp a cybersecurity scheme worth $1.7 billion, initiated during the tenure of former prime minister Scott Morrison. To spearhead this renewed strategy, a national cyber office will be formed under the Home Affairs Department, with a new coordinator for cybersecurity leading the initiative.
Latitude Financial has apologised to its customers and partners, and CEO Ahmed Fahour said, “While we continue to deliver transactional services, some functionality has been affected resulting in disruption. We are working extremely hard to restore full services to our customers and merchant partners and thank them for their patience and support. We understand their frustration.”
This data breach is a clear reminder that cybercrime remains a threat to businesses of all sizes, and of the crucial need to implement robust security measures that protect customer data. Individuals affected should remain vigilant and take the necessary steps to protect their personal information, such as monitoring accounts for suspicious activity and not responding to unsolicited messages that ask for personal details.
Data breaches result in long-term reputational damage and financial loss, but these devastating consequences can be prevented with the right cyber security measures. Ever Nimble’s Security Operations Centre service provides 24/7 monitoring for your systems with the capacity to rapidly address alerts and anomalies in real time, and reduce the impact of online threats. In the event of a breach or compromise, our team acts quickly to remediate the situation and protect your business.
Find out how we can improve your security posture, and safeguard your business against data breaches. Learn more about our 24×7 SOC here.
Article by Shaun B, Team Leader – Cyber Advisory