Latitude cyberattack leads to data theft at two service providers

Databreach

Latitude Financial Services (Latitude) has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems.

Latitude is one of Australia’s largest personal loans provider and the country’s largest non-bank consumer credit lender.

A subsidiary of Deutsche Bank and KKE, the firm provides a broad spectrum of consumer finance services, including unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance.

Moreover, Latitude provides major Australian retailers like Harvey Norman, JB Hi-Fi, David Jones, and The Good Guys with “buy now, pay later” (BNPL) schemes.

One breach leads to another

According to the ‘cyber incident’ notification, Latitude’s internal systems were breached, allowing a threat actor to steal an employee’s login. These credentials were then used for logging into two of the company’s service providers to steal customer data.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from the first service provider,” explains Latitude.

“Approximately 225,000 customer records were also stolen from the second service provider.”

Latitude has not clarified if the records from the second provider contain similar data as the first provider, i.e., ID and driver’s licenses or other information.

BleepingComputer has requested a comment from the firm to clarify that, and we will update this story as soon as we receive a response.

Exposed customers are not expected to take any action to protect themselves at this time. However, it is recommended that they stay vigilant, as their stolen data may be used in phishing or social engineering attacks.

The company has shut down several internal and customer-facing systems while responding to the incident and says that the effort to contain the attack and prevent breaches or further customer data is still underway.

While the public announcement was made available to all customers, those determined to be directly impacted by the security incident will receive personal notifications.


Original Source


 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn