Latitude Financial (ASX: LFS) has refused to pay a ransom demand issued by the criminals behind a recent cyber attack on its systems which saw around 14 million personal documents stolen.
In a statement, the personal finance firm says paying the ransom would not only be detrimental to customers, but would cause harm by encouraging further criminal attacks - a position supported by Australian Government advice on cyber crime ransom requests.
The update comes two weeks after Latitude revealed the amount of personal information stolen by the cyber criminals was far worse than initially believed, with nearly 8 million drivers licence numbers exposed.
Other personal information stolen included 53,000 passport numbers, less than 100 financial statements, and 6.1 million records containing details like names, addresses, telephone numbers and dates of birth.
“Latitude will not pay a ransom to criminals. Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future,” Latitude Financial CEO Bob Belan said.
“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process.
“In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations.”
The company now says its regular business operations are in the process of being restored, with its primary customer contact centre back online and operating at full capacity.
The matter remains under investigation by authorities, and the company says it is in the process of contacting all current and former customers and applicants whose information was compromised by the hack.
Further, Latitude confirmed that no suspicious activity had been recorded in its systems since the initial 16 March event.
“I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers,” Belan said.
The news comes two weeks after law firms Gordon Legal and Hayden Stephens and Associates teamed up to investigate a potential class action law suit on behalf of the millions affected by the cyber attack.
In a joint statement, the two firms said they were investigating the circumstances surrounding the breach, including the effectiveness of Latitude’s security measures and protocols and whether the company took appropriate steps to protect customers’ personal information.
Both firms have a history with class action lawsuits; Gordon Legal was behind the Robodebt class action, while HSA is working on a class action on behalf of junior doctors in NSW alleging underpayment and unsafe excessive hours.
Shares in LFS are down 0.40 per cent to $1.25 per share in early trade.
Get our daily business news
Sign up to our free email news updates.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support