Two Australian law firms have joined forces to investigate the possibility of legal recourse for the millions affected by a cyber attack on personal finance firm Latitude Financial (ASX: LFS).
Gordon Legal and Hayden Stephens and Associates (HSA) today announced they were investigating potential legal action against the fintech which yesterday announced that approximately 7.9 million Australian and New Zealand drivers licence numbers were stolen in a hack on its systems.
Other personal information that was stolen included around 53,000 passport numbers, less than 100 customer financial statements and 6.1 million records containing personal information including names, addresses, telephone numbers and dates of birth.
“We are deeply concerned about the impact of this data breach on Latitude customers," said Gordon Legal partner James Naughton.
“We are investigating how a breach of this size could occur. Latitude customers deserve to understand their legal rights and the steps that have been taken to protect their personal data.”
In a joint statement, the two firms said they were investigating the circumstances surrounding the breach, including the effectiveness of Latitude’s security measures and protocols and whether the company took appropriate steps to protect customers’ personal information.
Both firms have a history with class action lawsuits; Gordon Legal was behind the Robodebt class action, while HSA is working on a class action on behalf of junior doctors in NSW alleging underpayment and unsafe excessive hours.
The move reflects the legal sector’s reaction to the Medibank (ASX: MPL) 2022 data security breach which resulted in the personal data of 9.7 million Australian customers being stolen.
Since that incident, four law firms announced class action lawsuits against Medibank - three of which from Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers were combined.
The fourth is from international law firm Baker McKenzie which launched its action against the private health insurer in early 2023.
Similarly, following a 2022 data breach at telco Optus that exposed almost 10 million current and former customers to identity theft, Maurice Blackburn and Slater & Gordon (ASX: SGH) both announced they were considering suing on behalf of aggrieved customers.
Latitude is yet to comment on the potential legal action from Gordon Legal and HSA.
AFP extends cybercrime taskforce to protect Latitude customers
A cybercrime task force initially established by the Australian Federal Police (AFP) to protect those impacted by both the Optus and Medibank data breaches has expanded its remit to cover the fallout from the Latitude hack.
‘Operation Guardian’, a joint initiative run by state and territory police, works with public and private sector agencies to search the Internet to identify those attempting to buy or sell personally identifiable information.
This protection has now been expanded to cover Latitude customers, and the AFP says it will take ‘immediate action’ on individuals or groups found to be selling stolen personal information online.
“It is an offence to buy stolen personal information online, which could include a penalty of up to 10 years’ imprisonment. It is also an offence to blackmail or menace customers,” the AFP said.
“There is no evidence to date that the personal details of Latitude Services customers are available, or being sold on online or dark web forums.”
Get our daily business news
Sign up to our free email news updates.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support