Latitude Financial has reportedly been hit by a “sophisticated and malicious” cyber-attack, with upwards of 103,000 identification documents – more than 97 per cent of which are copies of drivers’ licences – believed to have been stolen by hackers.
While Latitude states it “took immediate action” to isolate the breach once discovered, it confirmed the hacker was still able to obtain employee login credentials.
The company suspects that the attacker used employee login credentials to steal personal information held by two unnamed service providers.
In addition to the more than 100,000 ID documents stolen, 225,000 customer records were also poached from one of the service providers.
Latitude issued an immediate trading halt in the lead-up to its breach announcement, with normal trading to resume next Monday or when decided by the Australian Securities Exchange (ASX).
The company said it is currently contacting affected customers.
“Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems,” the company said in its release to the ASX.
“We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies and engaged several cyber security specialists to assist with Latitude’s response.”
“Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services.”