Personal finance group Latitude Group (ASX: LFS) is anticipating a cash profit reduction of at least $128 million in 2023 following a data breach which meant new account originations and collections were restricted for five weeks.
In a trading update released this morning, Latitude says its cash NPAT for FY23 will be adversely impacted by reduced first-half earnings and has provided a range of $15 million to $25 million for the full year.
This compares to a $153.5 million cash NPAT in FY22, which itself was down on the prior financial year by 23 per cent from $200.1 million.
Cash profit for 1H23 is also expected to be significantly depressed and in the range of $5 million to $10 million, down from $93 million in 1H22.
The company also expects it will recognise approximately $53 million after tax in 1H23, which includes both costs incurred and a provision of $46 million associated with the cyber attack. This provision does not include the potential for regulatory fines, class actions, future system enhancements or an assumption of insurance proceeds.
As such, Latitude expects its 1H23 statutory loss after tax to be in the range of $95 million to $105 million, with the full year statutory result also expected to be a loss. The first half loss will be down from a statutory profit of $30.6 million in 1H22. Latitude says it is ‘unlikely’ to declare a dividend for shareholders as a result.
“Latitude had anticipated some normalisation in loss ratios across its portfolio, however the cyber-attack has materially worsened this trend due to lost collections activity,” Latitude said.
The financial woes follow a data breach in March which led to the theft of around 8 million Australian and New Zealand drivers licence numbers, 53,000 passport numbers, less than 100 financial statements and 6.1 million records containing personal information like names, addresses, telephone numbers and dates of birth.
The data breach also led to Australia’s privacy watchdog entering into a joint investigation with the New Zealand Office of the Privacy Commissioner (OPC) to scrutinise whether the finance firm took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.
The company attributes the expected dive in profits to its cyber-attack response, which led to new account originations and collections being closed or severely restricted for a period of approximately five weeks. Since then, regular commercial operations have been fully restored.
“From the outset of the incident Latitude has sought to keep customers, partners, regulators, shareholders and the broader community as informed and up to date as has been possible,” Latitude said.
“No suspicious activity has been observed in our systems since 16 March 2023. Regular business operations were progressively restored following extensive assurance reviews of IT platforms and the implementation of incremental security measures where available.
“The attack on Latitude remains under investigation by the Australian Federal Police and we continue to co- operate fully with the Office of The Australian Information Commissioner and New Zealand Office of The Privacy Commissioner investigations. Extensive further enquiries from regulators are expected over the coming months.”
Shares in LFS are down 7.34 per cent to $1.20 per share at 11.02am AEST.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support