Latitude uncovers ‘further evidence of large-scale information theft’

The announcement, released to the ASX before the company was reinstated for trading, says the ‘further evidence’ of information theft affects customers both past and present, and applicants across Australia and New Zealand.

Latitude said that, to the best of its knowledge, no compromised data had left its systems since Thursday 16 March 2023 when the cyber attack was first announced.

“We are continuing our forensic review to determine the full extent of the attack on Latitude and the amount of personal information stolen by the attacker,” Latitude said.

“Our people are working urgently to identify the total number of customers and applicants affected and the type of personal information that has been stolen.

“We appreciate how frustrating this latest development will be for our customers and we unreservedly apologise.”

The company said it was focused firmly on ‘containing’ the attack, progressing its forensic review of the actions taken by the attacker, and restoring its operational capability gradually over the coming days.

Earlier this week, Latitude announced it would be ‘days’ until its systems would be back online due to the ‘active’ cyber attack that saw the personal information of around 330,000 people stolen. This included copies of drivers’ licences, drivers’ licence numbers, passport numbers and Medicare numbers.

The firm, which sells a variety of financial products including credit cards under the brand names CreditLine, Buyer's Edge and Care Credit, said on Monday that it could not onboard new customers after isolating its tech platforms and taking them offline.

A trading suspension was also entered into voluntarily by Latitude on Monday, which has today lifted.

In the time since LFS resumed trading, shares in the company have dived by 13.69 per cent to $1.04 per share - 17 cents per share less than the position Latitude was in prior to announcing the cyber attack.