Number of customer records affected in Latitude data breach rises to 14M

Financial services company Latitude has disclosed that the severity of its data breach in mid-March is much worse than initially reported.

In a statement made on 16 March, Latitude announced 225,000 customer documents were stolen by attackers using employee login credentials.

However, the number of records exposed is now expected to rise to 14 million following an updated release to the ASX.

The attack has affected a wide range of customer data including:

  • Approximately 7.9 million driver’s licence numbers from Australia and New Zealand
  • 53,000 passport numbers
  • Less than 100 monthly financial statements
  • Approximately 6.1 million customers names, addresses, phone numbers, and dates of birth

In an ASX announcement, Latitude has promised to reimburse customers who have had ID documents stolen.

“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident.” Latitude Financial CEO Ahmed Fahour said.

“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document.”

After an increase in data breach penalties last year, Latitude could face fines of up to $50m if found to have been negligent in protecting the data of its customers.

Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.