Category: Cyber Security

Number of customer records affected in Latitude data breach rises to 14M

Financial services company Latitude has disclosed that the severity of its data breach in mid-March is much worse than initially reported.

In a statement made on 16 March, Latitude announced 225,000 customer documents were stolen by attackers using employee login credentials.

However, the number of records exposed is now expected to rise to 14 million following an updated release to the ASX.

The attack has affected a wide range of customer data including:

  • Approximately 7.9 million driver’s licence numbers from Australia and New Zealand
  • 53,000 passport numbers
  • Less than 100 monthly financial statements
  • Approximately 6.1 million customers names, addresses, phone numbers, and dates of birth

In an ASX announcement, Latitude has promised to reimburse customers who have had ID documents stolen.

“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident.” Latitude Financial CEO Ahmed Fahour said.

“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document.”

After an increase in data breach penalties last year, Latitude could face fines of up to $50m if found to have been negligent in protecting the data of its customers.

Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact



    146b threats detected worldwide in 2022

    A new report by security software company Trend Micro has revealed cyber threat detection has increased to record breaking numbers.

    Rethinking Tactics: 2022 Annual Cybersecurity Report found 146 billion threats detected from 2021 to 2022, an increase of 55 per cent.

    Trend Micro’s Technical Director for Australia and New Zealand, Mick McCluney, stated that the vast scope of their threat intelligence indicates that 2022 was a year when cybercriminals took an “all-in” approach to maximise profits.

    The report revealed the following key findings from the 2021 to 2022 period:

    • The use of malicious files in attacks increased nearly 242 per cent in blocked attempts
    • Webshells were the most detected malware globally, with a 103 per cent rise in use, followed by Emotet.
    • While LockBit and BlackCat were the top ransomware strains
    • 116 per cent increase in backdoor malware detections in Australia
    • The types of bugs and vulnerabilities being taken advantage of by bad actors hasn’t largely changed
    • An increase of faulty and incomplete patches
    • The number of critical CVEs (common vulnerabilities and exposures) doubled

    Trend Micro recommends that organisations adopt a platform-based approach to manage their cyber attack surface, mitigate the skills shortage and associated gaps, and reduce the costs of point solutions to effectively combat threat actors.

    What measures are you taking to protect your organisation from the threat of a cyber attack? Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities?

    If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

    Contact



      Thousands of customer IDs ransacked in Latitude cyber attack

      Over 100,000 identification documents were stolen as part of an attack on Latitide Group Holdings (LGH).

      In a statement made on 16 March, LGH announced customer documents such as driver’s licenses and customer records were stolen by attackers using employee login credentials.

      The ASX statement was made as part of a cyber incident report requesting a trading halt on LGH’s share price.

      The financial services provider said it detected unusual activity on its systems from a major vendor used by Latitude in the days proceeding the incident.

      “Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of driver’s licences, were stolen from the first service provider,” a spokesperson said.

      “Approximately 225,000 customer records were also stolen from the second service provider.”

      “We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.”

      Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

      Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

      Contact us below to speak with our cyber security experts and start the journey to protect your company today.

      Contact



        Fortinet Global Threat Landscape Report for second half of 2022

        Fortinet Global Threat Landscape Report for second half of 2022

        Fortinet has released its semiannual Global Threat Landscape Report for the second half of 2022.

        The report by FortiGuard Labs, the threat intelligence and research organisation at Fortinet, presents findings and insights from six months of intense research.

        The key highlights from the report include a resurgence of familiar names in malware, an increase in ransomware and wipers, botnet Raspberry.Robin, exchange becoming a post-exploitation hotpot and more use of pre-ATT&ACK.

        The threat landscape shows that the mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.

        New intelligence is allowing CISOs to prioritise risk mitigation efforts and minimise the active attack surface with the expansion of the “Red Zone” approach. This approach involves identifying critical assets and placing them in a highly secure zone, with increased monitoring and access controls, to prevent attackers from gaining access to them.

        The report also highlights that the ransomware threat remains at peak levels, with no evidence of slowing down globally.

        The proliferation of Ransomware-as-a-Service (RaaS) has enabled cybercriminals to develop new variants of ransomware, making it more difficult for organisations to defend against these attacks.

        The report highlights the need for organisations to take proactive measures to protect their networks against these types of threats.

        What measures are you taking to protect your organisation from the threat of a cyber attack? Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities?

        If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

        Contact



          PC company Acer confirms 160GB of data stolen in its latest breach

          Acer has confirmed one of its servers has been hacked with 160GB of data being accessed.

          The Taiwanese PC manufacturer recently detected unauthorised access to one of its document servers for repair technicians.

          On March 6 a threat actor posted on a popular hacking forum that they had obtained a hoard of technical data from Acer.

          The post included a supposed list of the data available for sale, which included apparent confidential slide presentations, technical manuals, back-end infrastructure details, ISO files, and “tons of BIOS stuff”, as well as ROM files.

          “The leak contains a total 160GB of directories, and 2,869 files,” the post read.

          The hacker also claimed to have “confidential product model documentation and information of phones, tablets, laptops, etc.”

          Acer are continuing to investigate the incident although currently there is no indication that any consumer data has been compromised.

          Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

          Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

          Contact us below to speak with our cyber security experts and start the journey to protect your company today.

          Contact



            Commonwealth Bank Indonesian subsidiary hacked, 162m Users’ data compromised

            PT Bank Commonwealth (PTCB), the Indonesian subsidiary of the Commonwealth Bank of Australia (CBA), has announced it has suffered a major cyber security attack.

            The criminals who claim to be behind the attack said they have obtained data from 162 million users.

            The cyber attack occurred when unauthorised parties accessed a web-based software application used for project management, according to an announcement from CBA on behalf of PTBC.

            Despite the incident PT Bank Commonwealth “continue to operate as normal”, the statement said.

            CBA has said its own systems are separate to those accessed by the hackers, “Commonwealth Bank of Australia’s systems are segregated from PTBC’s systems,”

            “We are working closely with PTBC and supporting their efforts in this matter.”

            This is the newest Australian owned business to suffer a major data breach in a string of similar incidents across the country.

            The severity of these recent attacks have been an opportunity for criminal groups, leaving Australia to be seen a soft target for cyber crime.

            Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

            Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

            Contact us below to speak with our cyber security experts and start the journey to protect your company today.

            Contact