April 3, 2023

Latitude, the largest non-bank financial service provider in Australia, has announced a data breach that has exposed 14 million records.

The breach, which occurred in mid-March, was initially estimated to have impacted 328,000 customers, with the majority of records being driver’s license information. However, the updated information indicates that passport numbers and personal information of loan applicants were also stolen.

The breach has raised serious concerns as to why Latitude was holding some of this information for so long, with records dating back as far as 18 years. The company has offered to reimburse those that need to replace stolen documents due to the data breach. The Australian Federal Police (AFP) has announced it is expanding its “Operation Guardian” program to cover the attack.

Sylvain Cortes, VP of Strategy at Hackuity, notes that the total damage for Latitude will be massive and cannot even yet be accurately predicted. The breach is the largest-known data breach on an Australian financial institution, and attackers have achieved a major feat. The financial and brand damage Latitude will now suffer for years is significant, not to mention the millions of compromised customers who are paying the price alongside them.

The updated data breach information indicates that 7.9 million driver’s license numbers were stolen, and 6.1 million records contain full names, addresses, dates of birth, and telephone numbers. About 53,000 passport numbers and monthly financial statements for “less than 100 customers” were also lost in the attack.

This data breach follows a string of major breaches in Australia that began in late 2022, with incidents involving very large amounts of records. Meriton, a real estate giant, has also recently disclosed a data breach.

The sources for this piece include an article in CPO MAGAZINE.