Latitude Financial Is The Latest Big Company To Announce A Cyber Attack That Exposed Customer Data

Latitude Financial becomes the next victim of a cyber attack that exposed Australians’ customer data. Here’s what we know. In less than a year, three big companies in Australia were hit by cyberattacks. The latest of these companies to announce a cyber attack is Latitude Financial, a digital bank in Australia. The attack was sophisticated and used employee credentials to access the personal records of over 300,000 customers.

While the company did detect the attack and stopped certain services from working to prevent further data leakage, they have confirmed that information such as identification documents had already leaked at that point.

Brief Overview Of Latitude Financial

Latitude Financial is a big company in Australia that is described as a digital bank. There are numerous financial services that the company offers customers. This includes personal loans, credit cards, and a number of insurance products. The company was formed initially in 2015. In 2021, Latitude Financial was listed on the official Australian Stock Exchange. The company is well known for its Latitude Go Mastercard and Latitude Gem Visa, which both consist of credit cards that offer interest-free shopping options for local individuals in Australia at participating shops.

Latitude Financial Suffers A Cyber Attack

Latitude sent an official announcement to the ASX on the 16th of March 2023, detailing the detection of unauthorized access to their internal systems. In the statement, Latitude explains that they took action immediately upon detecting the unauthorized access on the system, but by the time the attack was detected, some data had already been leaked.

Currently, the company believes that the attack has originated from one of the vendors that Latitude uses. It was confirmed that the attacker gained access to the login credentials of an employee, which then gave them access to customer records. Two service providers were affected by this cyberattack, but the specific details about which providers have not been shared by Latitude.

The company did note that an estimated 103,000 records were leaked from the first service provider’s system. These records accounted for identification documents. In 97% of these cases, the documents in question were drivers licenses.

Another 225,000 records were also leaked and stolen from the second provider’s system during the cyber attack.

How Latitude Is Addressing The Attack

The immediate action from Latitude helped to stop the attacker from gaining further data during the attack. Yet, there was still a large number of documents and customer records that leaked during the event. Should Latitude not have detected the attack so early on, the situation could have gotten much worse, and more data could have leaked.

Latitude did announce that they are investigating the case and have reported it to the appropriate authorities. The ASX has been notified, along with law enforcement. On their side, Latitude has been contacting the customers whose account data were leaked during the attack to inform them and to provide their apologies for the inconvenience.

In addition to these actions, the company has already consulted with cybersecurity experts. The main idea here is to ensure they are able to strengthen the cybersecurity systems that are responsible for protecting customer data and to ensure unauthorized access cannot be gained through the system. The specific steps and technologies that will be used to improve the cybersecurity of Latitude’s systems are not yet clear.

Latitude is currently working with a local institute, known as the Australian Cyber Security Centre, to improve the security measures that they have in place. It’s a priority for the company to ensure its systems are better protected in the future and to detect the presence of unauthorized access faster.

Following the hack, Latitude also announced that they had halted any trading activities within the company for the week when the hack occurred. Experts have declared this particular hack as major. At this time, it is not yet known how worried customers should really be about the data that have leaked. Customers are advised to keep track of their credit records and report any unusual activity to their local authorities, as this will allow an investigation to be conducted.

Other Recent Attacks In Australia

Latitude is only one of the recently targeted firms in Australia to be breached and has their data leaked. Last year, two other major companies in the country were also victims of similar attacks that caused customer data to be stolen by the attackers involved in the event.

In September 2022, a very serious cyberattack affected Optus. This particular cyberattack was classified as one of the worst in Australian history. During the attack, more than nine million accounts were leaked to the attacker. Contact details were the main data stolen during the cyberattack. Optus did respond by advising they were able to identify the fact that the attackers did not operate from within Australia but rather from a foreign location.

Some of the data that was held on account of these customers include:

• Physical address
• Full name and surname
• Date of birth
• Email address
• Phone numbers
• Driver’s license number

Due to the driver’s license number, concerns about potential identity theft have risen. With this said, Optus did announce that they are confident no payment data or user credentials were leaked during the attack, which means the services they offer their customers were still considered safe to use. This allowed Optus to continue providing cellular and internet services to customers while they were investigating this particular situation.

What has been announced too, is the fact that there was an API vulnerability that exposed the Optus network to the attack. Soon after discovering the attack, Optus did move to shut the API down in order to prevent the attacker from obtaining further data.

Apart from Optus, another major company in Australia that got hacked last year was Medibank.  Medibank is an insurance company that holds records of millions in Australia.

Medibank released an announcement on the 13th of October, 2022. The statement said that they had taken some of their systems offline in order to stop the attack that had occurred on their system. It took approximately one day before Medibank put its systems back online. Medibank was contacted by a group of hackers who wanted to negotiate with them. This was a type of ransom where the hackers had stolen about 200GB of data from the company’s servers. They were willing to negotiate the future of the data that was stolen by the company.

Initially, Medibank announced that no evidence was available to prove data was actually leaked. Later on, however, following investigations, it was found that personal data did leak from the servers.

As the rate of hacks and attacks continues to increase, there is growing concern among businesses, cybersecurity experts, and customers.

Conclusion

Latitude Financial has become the latest victim of cyberattacks, following similar events that affected Optus and Medibank, two other large Australian firms. While the data leaked from Latitude Financial was not in a million figure as in the former attacks, there were still over 300,000 accounts that got exposed during the attack. Latitude Financial is still working on strengthening its cybersecurity systems and internal networks to help prevent this type of occurrence in the upcoming future. This will help to provide better security for customer data and also give individuals peace of mind.

References

• https://cdn-api.markitdigital.com/apiman-gateway/ASX/asx-research/1.0/file/2924-02644401-3A614964?access_token=83ff96335c2d45a094df02a206a39ff4
• https://www.theguardian.com/technology/2022/oct/21/medibank-hack-explained-what-do-we-know-about-the-data-breach-and-who-is-at-risk

Written by The Original PC Doctor on 28/3/2023.