This is our daily post that is shared across Twitter & Telegram and published first on here with Kindness & Love XX on peace-truth.com/
#AceNewsRoom in Kindness & Wisdom provides News & Views @acenewsservices
#AceNewsDesk – Latitude Financial warns customer data breach could widen and hack ‘remains active’ after the amount of customer data stolen from Australian company Latitude Financial may grow, with the non-bank lender confirming that drivers licences, passports and Medicare numbers have already been hacked.
Some have criticised the company for not telling them sooner what sort of data had actually been breached or if their information had been compromised.
The company went public about the cyber attack last Thursday.
It said then that about 330,000 customers were thought to have had their personal information stolen.
Today it reiterated that the vast majority of data thought to have been stolen were copies of licences and their numbers.
However, it said about 5 per cent of what had been confirmed stolen was copies of passports and Medicare cards.
The company said on Monday the scope of what was thought to have been stolen might grow as it continued to review “non-customer originating platforms and historical customer information”.
“We are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” it said.
“Latitude encourages our customers to remain vigilant. We will never contact customers requesting their passwords.”
“The attack on Latitude is now the subject of an investigation by the Australian Federal Police.”
It said also the situation “remains active”.
UNSW Institute for Cybersecurity’s Associate Professor Rob Nicholls said this was “even more concerning”.
“It suggests that Latitude’s service providers have not really addressed the problem,” he told ABC News.
“It also increases the likelihood of a hybrid attack that is both ransom and theft.
“If the intruders are still in the system, they have an opportunity to encrypt files.”
The non-bank lender offers short-term loans, credit cards and travel cards, and buy now pay later services with major retailers, including Apple, Harvey Norman and JB Hi-Fi.
The company has faced anger and criticism from its estimated 2.8 million customers about the cyber attack.
The company’s call centre is also offline, apparently due to ongoing security risks after the hack, which is only further upsetting customers.
Latitude says it will today start contacting customers who are thought to have had their data stolen.
It noted the breach affected past and present customers.
Today, Latitude’s chief executive Ahmed Fahour apologised to them.
“I sincerely apologise to our customers and partners for the distress and inconvenience this criminal act has caused,” he said in today’s statement.
“I understand fully the wider concern that this cyber-attack has created within the community.
“While we continue to deliver transactional services, some functionality has been affected resulting in disruption.
“We are working extremely hard to restore full services to our customers and merchant partners and thank them for their patience and support. We understand their frustration.”Latitude has provided limited details about the data breach to its customers so far.(ABC News: Sean Warren)none
The incident follows well-publicised breaches on telco Optus and private health insurer Medibank.
Latitude Financial did not reply to questions from ABC News about whether the hackers had asked for a ransom.
Medibank customers’ data was posted to the dark web last year after the insurer refused to cough up money to a Russian-linked entity for its stolen data.
The federal government has previously backed the decision of companies not to pay ransoms, and it has also announced plans to overhaul a $1.7 billion cybersecurity plan set up under former prime minister Scott Morrison.
A national cyber office — led by a new coordinator for cybersecurity — will be established under the Home Affairs Department to lead the renewed strategy.
Speaking on Friday, federal Treasurer Jim Chalmers confirmed Latitude was working with relevant federal authorities on the “substantial cyber breach”, which is potentially subject to a criminal investigation.
“People are obviously concerned when we have these kinds of data breaches,” he said.
“And there’s a hunger for information, and I understand that.”
Latitude Financial is the latest big company to announce a cyber attack that exposed customer data. This is what we know so far
Latitude Financial has become the latest major Australian company to be hit by a cyber attack, announcing that personal data of almost 330,000 customers had been stolen.
The hack follows those of Medibank and Optus in October last year, exposing the data of 9.7 million and 2 million Australians respectively.
Latitude Financial is an Australian company offering digital banking services including a range of loans, insurance and credit cards.
It was formed out of GE in 2015 and listed on the Australian stock exchange (ASX) in 2021.
Optus or Medibank, experts say it’s all about money Millions of Australians have had a bad run with their personal data lately. With all this going on, you might be left wondering what exactly the hackers are doing with your data and how it could affect you?Read more
Until late February it offered a buy now, pay later service called LatitudePay, closing it after a review determined it had been effective at attracting customers but was “an immaterial part of the business”.
It still works with large retailers on “instalments products” that serve a similar purpose.
CreditLine is only available through Apple, while the Latitude Go Mastercard and Latitude Gem Visa offer long-term interest-free shopping at partners including Harvey Norman, JB HiFi and The Good Guys, while also acting as normal credit cards.
In a March 16 statement to the ASX, Latitude announced it had “detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber attack“.
It said the attack appeared to have originated from “a major vendor used by Latitude”, which the ABC understands was essentially a back-end infrastructure provider.
This resulted in the attacker obtaining Latitude employee login credentials before being stopped.
Those credentials were then used to steal personal information held by other service providers.
“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider”, the company said in its statement.
“Approximately 225,000 customer records were also stolen from the second service provider.”
Some customer-facing and internal systems were removed in an attempt to stop more data from being taken.
The company said it was working with the Australian Cyber Security Centre, had alerted relevant law enforcement agencies and engaged cybersecurity specialists.
It also said it was contacting those customers affected by the attack.
Latitude has 2.8 million current customers. It could not tell ABC News whether the hack concerned only their data or potentially former customers too.
UNSW Associate Professor Rob Nicholls says it is one of the first major hacks on a financial services company in Australia, making it significant.
Latitude Group Holdings Ltd is in a trading halt until Monday.
How concerned should customers be?
UNSW cybersecurity expert Richard Buckland told ABC News the breach was “very concerning” given the level of information people have to give over to get loans.
“It’s precisely the information an attacker needs to take out a loan in your name; the information you use to take out a loan in your name,” Professor Buckland said.Professor Buckland said the Latitude breach was “very concerning”.(ABC News: Elena De Bruijne)none
The big problem is the stolen copies of drivers’ licences that Latitude emphasised in its statement.
Professor Buckland said the company’s statement was “a bit coy” about what precisely had been stolen.
He said it was unclear if the licence card ID numbers had been accessed, which would make the breach more concerning than simply the cards themselves being stolen.
With a copy of your licence, criminals can open lines of credit in your name and buy personal items, apply for credit cards or large personal loans and then disappear, leaving you with the bill and a trashed credit history.
Drivers’ licences have been described as a “golden ticket” for criminals and are the most common identity documents used to commit fraud.
The Australian Bureau of Statistics’ most recent report into personal fraud found that 159,600 Australians had experienced identity theft over the 2021-22 financial year, and 537,200 over the previous five years.
After the massive Optus data breach in October last year, which affected more than 2 million customers, the states and territories moved to allow those affected to change their licence numbers.
Some jurisdictions waived replacement fees for those affected, while Optus offered reimbursements to others.
We do not yet know if similar support will be offered to those affected by this breach.
Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and comment thank you