- Data theft much larger than reported on March 16th
- Driver’s license, passport numbers, customer details stolen
- Stocks fall 2.5%
March 27 (Portal) – Australian consumer finance firm Latitude Group Holdings Ltd (LFS.AX) said hackers stole nearly 8 million Australian and New Zealand driver’s license numbers and slashed the country’s shares in one of the country’s biggest confirmed data breaches.
The provider of credit cards and personal loans to some of Australia’s largest retailers added the cyber intruder also stole some 53,000 passport numbers and more than 6 million customer records, mostly dating from 2005 to 2013, which it described as a “worrying development”.
The update showed that the attack, which temporarily frozen Latitude’s operations, affected far more customers than the company first announced on March 16, when criminals stole 103,000 licenses.
It now ranks among the biggest data breaches in the country, behind only Singapore Telecommunications Ltd’s Optus No. 2 telecoms company (STEL.SI) and health insurer Medibank Private Ltd (MPL.AX), which each said details of about 10 million customer accounts were compromised in attacks late last year.
Since a wave of data breaches began at Optus, the Australian government has increased penalties for companies that fail to adequately protect customer data as part of an ongoing overhaul of the national cybersecurity strategy.
“Cyberattacks are a growing threat and will become an increasingly common part of our lives in the years to come, and this incident is another reminder of the importance of improving Australia’s cybersecurity and privacy settings,” said Cybersecurity Minister Clare O’Neil.
“It remains our position that no customer should bear the cost of a data breach,” she added, noting that Latitude is working with authorities to manage the fallout from the attack.
Shares of Latitude closed down 2.5% in a flat overall market (.AXJO) as investors feared the company’s exposure could be worse than previously thought.
“Whenever investors hear about a data breach, they tend to assume the worst,” said Matt Simpson, senior market analyst at City Index.
Latitude said in a statement that its insurance covers cyber security risks.
“We are remediating the platforms affected by the attack and have implemented additional security monitoring as we resume operations in the coming days,” CEO Ahmed Fahour said in the statement.
Reporting by Byron Kaye in Sydney and Navya Mittal in Bengaluru; Edited by Tom Hogue, Muralikumar Anantharaman, Sherry Jacob-Phillips and Sonali Paul
Our standards: The Trust Principles.