The fallout from a cyber attack on personal loans firm Latitude (ASX: LFS) is far worse than initially believed, with the company today announcing approximately 7.9 million Australian and New Zealand drivers licence numbers were stolen.
This is a significant increase on the 330,000 pieces of stolen personal information originally flagged by the company last week, and includes 3.2 million (or 40 per cent) drivers licence numbers that were provided to the company in the last 10 years.
For context, the number of licence numbers that were stolen equates to roughly a quarter of the combined population of Australia and New Zealand.
In addition, approximately 53,000 passport numbers were stolen, and less than 100 customers had a financial statement stolen.
A further 6.1 million records dating back to at least 2005 were also stolen, of which 94 per cent (5.7 million) were provided before 2013. These documents contain personal information including names, addresses, telephone numbers and dates of birth.
The update from Latitude comes from a forensic review of the ‘sophisticated and malicious’ cyber attack which led to the company’s systems being taken offline last week.
According to Latitude, ‘no suspicious activity’ has been observed in its systems since 16 March and the firm is still working with the Australian Federal Police and the Australian Cyber Security Centre on investigating the hack.
The company says it will reimburse customers who choose to replace their stolen ID documents, and a dedicated contact centre is available for affected individuals.
"It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” says Latitude Financial CEO Ahmed Fahour.
“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred.
"We urge all our customers to be vigilant and on the lookout for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords.”
Fahour adds that the company is working ‘around the clock’ to restore Latitude’s operations.
“We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days,” he says.
“We thank customers and merchant partners for their support and patience. Customers can continue to make transactions on their Latitude credit card.”
Shares in LFS are down 1.65 per cent to $1.19 per share at 10.34am.
Get our daily business news
Sign up to our free email news updates.