While Latitude Financial Group took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.
In a trading update on Thursday (16 March), the company said the attacker used the employee login credentials to steal personal information that was held by two other service providers.
“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider,” the group said.
Approximately 225,000 customer records were also stolen from the second service provider.
“Latitude apologises to the impacted customers and is taking immediate steps to contact them. Further updates will be provided to the ASX and on Latitude’s website,” the company said.
“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems. We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.
“Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services.”
The cyber attack comes after a number of high-profile incidents in the last 12 months, including hacks at Medibank and Optus.
Late last month, Prime Minister Anthony Albanese held a cyber roundtable focused on what the government described as a “whole-of-nation effort” to protect Australians and the economy, with the aim of making Australia the most cyber secure nation by 2030.
“Strengthening Australia’s cyber security is a fundamental priority for our government because we recognise it is essential to the way every Australian lives and works and trades and learns and communicates,” the PM said.
“This is a fast-moving, rapidly-evolving threat and for too many years, Australia has been off the pace. Our government is determined to change that.
“For businesses these days, cyber security is as important and essential as the shop having a lock on the door. We need all Australian businesses to be able to protect themselves and — just as importantly — protect their customers.”
[Related: Non-bank in crosshairs of Japanese giant]