Category: News

Acurus Pty Ltd News

Number of customer records affected in Latitude data breach rises to 14M

Financial services company Latitude has disclosed that the severity of its data breach in mid-March is much worse than initially reported.

In a statement made on 16 March, Latitude announced 225,000 customer documents were stolen by attackers using employee login credentials.

However, the number of records exposed is now expected to rise to 14 million following an updated release to the ASX.

The attack has affected a wide range of customer data including:

  • Approximately 7.9 million driver’s licence numbers from Australia and New Zealand
  • 53,000 passport numbers
  • Less than 100 monthly financial statements
  • Approximately 6.1 million customers names, addresses, phone numbers, and dates of birth

In an ASX announcement, Latitude has promised to reimburse customers who have had ID documents stolen.

“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident.” Latitude Financial CEO Ahmed Fahour said.

“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document.”

After an increase in data breach penalties last year, Latitude could face fines of up to $50m if found to have been negligent in protecting the data of its customers.

Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact



    Microsoft announces Microsoft 365 Copilot powered by GPT-4

    Microsoft announced last week it will be launching ‘Microsoft 365 Copilot’, an embedded productivity tool powered by revolutionary AI system, GPT-4.

    According to Microsoft, Copilot will be integrated with applications such as Word, Excel, PowerPoint, Outlook, and Teams.

    The announcement was made three days after a Google revealed plans for AI features within Google Workspace, including AI-assisted text generation in Gmail, Docs, and other applications.

    Satya Nadella, Chairman and CEO of Microsoft said Copilot will “fundamentally change the way we work.”

    “Today marks the next major step in the evolution of how we interact with computing,” he said.

    “With our new Copilot for work, we’re giving people more agency and making technology more accessible through the most universal interface — natural language.”

    Microsoft also announced plans to release a feature that extracts data from documents, presentations, emails, calendars, notes, and contacts into a single interface.

    Business Chat will work across all Microsoft 365 apps and will help summarise chats, write emails, find key dates, and more. 

    Microsoft 365 is now commonplace globally, with many organisations now utilising services within Microsoft 365 including SharePoint online, Microsoft Teams and OneDrive.

    Security of this critical and sensitive corporate data does not come as a standard with basic licensing within Microsoft 365 and needs to be configured.

    Contact our specialised and skilled engineers to perform a review of your Microsoft 365 environment and configure best practice security services to protect your organisation.

    Contact



      146b threats detected worldwide in 2022

      A new report by security software company Trend Micro has revealed cyber threat detection has increased to record breaking numbers.

      Rethinking Tactics: 2022 Annual Cybersecurity Report found 146 billion threats detected from 2021 to 2022, an increase of 55 per cent.

      Trend Micro’s Technical Director for Australia and New Zealand, Mick McCluney, stated that the vast scope of their threat intelligence indicates that 2022 was a year when cybercriminals took an “all-in” approach to maximise profits.

      The report revealed the following key findings from the 2021 to 2022 period:

      • The use of malicious files in attacks increased nearly 242 per cent in blocked attempts
      • Webshells were the most detected malware globally, with a 103 per cent rise in use, followed by Emotet.
      • While LockBit and BlackCat were the top ransomware strains
      • 116 per cent increase in backdoor malware detections in Australia
      • The types of bugs and vulnerabilities being taken advantage of by bad actors hasn’t largely changed
      • An increase of faulty and incomplete patches
      • The number of critical CVEs (common vulnerabilities and exposures) doubled

      Trend Micro recommends that organisations adopt a platform-based approach to manage their cyber attack surface, mitigate the skills shortage and associated gaps, and reduce the costs of point solutions to effectively combat threat actors.

      What measures are you taking to protect your organisation from the threat of a cyber attack? Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities?

      If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

      Contact



        Thousands of customer IDs ransacked in Latitude cyber attack

        Over 100,000 identification documents were stolen as part of an attack on Latitide Group Holdings (LGH).

        In a statement made on 16 March, LGH announced customer documents such as driver’s licenses and customer records were stolen by attackers using employee login credentials.

        The ASX statement was made as part of a cyber incident report requesting a trading halt on LGH’s share price.

        The financial services provider said it detected unusual activity on its systems from a major vendor used by Latitude in the days proceeding the incident.

        “Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of driver’s licences, were stolen from the first service provider,” a spokesperson said.

        “Approximately 225,000 customer records were also stolen from the second service provider.”

        “We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.”

        Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

        Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

        Contact us below to speak with our cyber security experts and start the journey to protect your company today.

        Contact



          Fortinet Global Threat Landscape Report for second half of 2022

          Fortinet Global Threat Landscape Report for second half of 2022

          Fortinet has released its semiannual Global Threat Landscape Report for the second half of 2022.

          The report by FortiGuard Labs, the threat intelligence and research organisation at Fortinet, presents findings and insights from six months of intense research.

          The key highlights from the report include a resurgence of familiar names in malware, an increase in ransomware and wipers, botnet Raspberry.Robin, exchange becoming a post-exploitation hotpot and more use of pre-ATT&ACK.

          The threat landscape shows that the mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.

          New intelligence is allowing CISOs to prioritise risk mitigation efforts and minimise the active attack surface with the expansion of the “Red Zone” approach. This approach involves identifying critical assets and placing them in a highly secure zone, with increased monitoring and access controls, to prevent attackers from gaining access to them.

          The report also highlights that the ransomware threat remains at peak levels, with no evidence of slowing down globally.

          The proliferation of Ransomware-as-a-Service (RaaS) has enabled cybercriminals to develop new variants of ransomware, making it more difficult for organisations to defend against these attacks.

          The report highlights the need for organisations to take proactive measures to protect their networks against these types of threats.

          What measures are you taking to protect your organisation from the threat of a cyber attack? Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities?

          If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

          Contact



            PC company Acer confirms 160GB of data stolen in its latest breach

            Acer has confirmed one of its servers has been hacked with 160GB of data being accessed.

            The Taiwanese PC manufacturer recently detected unauthorised access to one of its document servers for repair technicians.

            On March 6 a threat actor posted on a popular hacking forum that they had obtained a hoard of technical data from Acer.

            The post included a supposed list of the data available for sale, which included apparent confidential slide presentations, technical manuals, back-end infrastructure details, ISO files, and “tons of BIOS stuff”, as well as ROM files.

            “The leak contains a total 160GB of directories, and 2,869 files,” the post read.

            The hacker also claimed to have “confidential product model documentation and information of phones, tablets, laptops, etc.”

            Acer are continuing to investigate the incident although currently there is no indication that any consumer data has been compromised.

            Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

            Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

            Contact us below to speak with our cyber security experts and start the journey to protect your company today.

            Contact