The avalanche of cyber attacks has been a trending topic in Australia in the past year, making businesses increasingly vigilant.Not even giant corporations like Optus and Medibank, have immune to it. Unfortunately it happened again, with financial services provider Latitude Financial (ASX: LFS) making it into the headline this time. 

The Company has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack, believed to have originated from a major vendor used by Latitude. While Latitude was finding ways to get to the bottom of the problem, the attacker was able to obtain Latitude employee login credentials, and have used the login credentials to steal personal information that was held by two other service providers. 

Approximately 328,000 customer records were stolen, comprising 103,000 identification documents from the service provider, and 225,000 customer records from the second service provider. More than 97% of which are copies of drivers’ licences, while further details of the rest of the customer records held were not disclosed.

Latitude did not identify those service providers.

Latitude has lodged a trading halt request to the ASX to manage its continuous disclosure obligations relating to the cyber attack incident. Trading is expected to return to normal on Monday 20 March 2023.

“Latitude apologises to the impacted customers and is taking immediate steps to contact them.”

“We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response. Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services. “ the company said in a statement to the ASX.

Latitude has more than two million BNPL customers and over 1,950 merchant partners in Australia, offering consumer finance services such as interest-free Buy Now Pay Later (BNPL) plans and personal loans for shoppers to major Australian retailers such as Harvey Norman, JB Hi-Fi, The Good Guys and recently, David Jones. The Company did not disclose if consumers who are using financing from these companies are impacted. 

The cyberattack happened less than a month after Latitude announced on 24 February 2023 that it was closing its buy now, pay later offering in Australia and New Zealand, effective 11 April 2023.