On Thursday, Latitude Financial disclosed what it believes to be a “sophisticated and malicious cyber attack” in which 328,000 identification documents and customer records were stolen.
After requesting a trading halt earlier on Thursday, Latitude noted in an ASX announcement that it had detected “unusual activity” on its system in recent days.
“While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated,” the company said.
“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”
Approximately 103,000 identification documents were stolen from one service provider, while approximately 225,000 customer records were stolen from another service provider
“Latitude apologises to the impacted customers and is taking immediate steps to contact them. Further updates will be provided to the ASX and on Latitude’s website,” it said.
Nigel Phair, a professor of practice at Monash University’s Department of Software Systems & Cybersecurity, said that it was “disappointing, yet unsurprising” to see another Australian organisation suffer a cyber attack and subsequent data breach.
“Until all Australian companies prioritise risk management of their online assets, this will continue,” he said.
“This attack also highlights that many intrusions into organisations occur through trusted third-party organisations who themselves often do not prioritise cyber security risk management.”
The attack on Latitude Financial follows high profile cyber attacks on Optus and Medibank last year which compromised the personal details of millions of Australians.
In its statement, Latitude said that it was continuing to respond to the attack and doing “everything in its power” to contain the incident and prevent the theft of more customer data.
“We are working with the Australian Cyber Security Centre, have alerted relevant law enforcement agencies, and engaged several cyber security specialists to assist with Latitude’s response,” it said.
“Latitude will cooperate with authorities to investigate this attack. Our priorities are to ensure the ongoing security of our customers, our employees, and our partners while continuing to deliver services.”
In his response to the cyber attack, Mr Phair stressed that the banking and finance sector ranks as Australia’s “most important critical infrastructure sector”.
“It is important that all organisations in this sector put extra effort into cyber security and ensure the trust and safety in the broader sector for all Australians,” he concluded
