Latitude reveals that a ransom has been demanded

Latitude Financial has been hit by a ransom demand from hackers who stole millions of customers’ data last month, but the company has insisted it will not pay.

It said on Tuesday it would not reward criminal behavior and did not think coughing up the ransom would lead to stolen customer information being returned or destroyed.

About 7.9 million people had their driver’s license details and about 53,000 passport numbers stolen in the hack, which was discovered last month.

Latitude admitted that an additional 6.1 million records dating back to at least 2005 were poached, including names, addresses, phone numbers and dates of birth.

Monthly financial statements were stolen from fewer than 100 customers, the consumer finance company told the ASX in March.

The attackers, as part of their ransom threat, had detailed stolen data consistent with Latitude’s disclosure of the number of affected customers, the company revealed.

“Latitude will not pay ransom to criminals,” CEO Bob Belan said Tuesday.

“Based on the evidence and advice, there is simply no guarantee that this would result in the destruction of customer data and would only encourage further extortion attempts against Australian and New Zealand companies in the future.

Our priority remains to contact any customer whose personal information has been compromised and to support them through this process.

“At the same time, our teams have focused on safely recovering our IT systems, returning the workforce to full capacity, improving security and returning to business as usual.

“I personally and sincerely apologize for the distress this cyber-attack has caused and I hope that we can regain our customers’ trust over time.”

The hack is being investigated by the Australian Federal Police, while Latitude Financial is working with the Australian Cyber ​​Security Center and cybersecurity experts to determine the cause.

The company added in its update: “We are in the process of contacting all customers, former customers and applicants whose information has been compromised, with details of the stolen information, the support we provide and our plans for recovery.

“We will complete this process as soon as possible. We encourage all our customers to remain vigilant and alert to possible scam attempts.

“As far as we know, there has been no suspicious activity in Latitude’s systems since Thursday, March 16, 2023.”

News of the ransom comes after it was revealed that law firms Hayden Stephens and Associates and Gordon Legal had announced a possible class action lawsuit against the company, which provides consumer finance services to David Jones, JB Hi-Fi, Apple, The Good Guys and Harvey Norman.

The law firms will investigate the hack as part of a possible class action and are urging clients to sign up for updates.

Attorney Hayden Stephens said it needs to determine how the breach occurred and what damages were passed on to Latitude customers.

“A big part of our research is getting answers to those questions,” Mr. Stephens, director of Hayden Stephens and Associates, told Sunrise.

“It is possible, even probable, that this breach could have been avoided.”

Mr Stephens previously told the Australian newspaper that the possibility of compensation was being explored.

While all customers are encouraged to register for updates to the investigation, customers will likely need to prove damages from the breach in order to join a potential class action lawsuit.