CANBERRA (Reuters/ Dr. Majid Khan) Australian consumer finance firm Latitude Group Holdings Ltd (LFS.AX) said hackers stole nearly 8 million Australian and New Zealand drivers licence numbers in one of the country’s biggest confirmed data breaches, sending its shares lower.
The provider of credit cards and personal loans for some of Australia’s biggest retailers added the cyber intruder also took about 53,000 passport numbers and more than 6 million customer records, mostly from between 2005 and 2013, in what it called a “distressing development”.
The update showed the attack which temporarily froze Latitude’s operations affected far more customers than first disclosed by the company on March 16, when it said criminals took 103,000 licenses.
It now ranks among the country’s biggest data thefts, behind only Singapore Telecommunications Ltd-owned (STEL.SI) No. 2 telco Optus and medical insurer Medibank Private Ltd (MPL.AX) which each said details of about 10 million customer accounts were compromised in attacks late last year.
Since a wave of data breaches began with Optus, the Australian government has increased penalties for companies which fail to adequately protect customer data as part of an overhaul of the national cyber security strategy still underway. “Cyber-attacks are an increasing threat and are expected to become part of our lives in the years to come. ,” said Cybersecurity Minister Claire O’Neill.
“Our position remains that no customer should bear the cost of a data breach,” she added, noting that Latitude is working with authorities to manage the impact of the attack.
Latitude’s shares fell 2.5% in a flat overall market (AXJO) as investors feared the company’s exposure could be worse than previously thought.
“Every time we hear about a data breach, investors tend to assume the worst,” said Matt Simpson, senior market analyst at Citi Index.
Latitude said in a statement that its insurance covers cybersecurity risks. “We are remediating the platforms affected by the attack and implementing additional security monitoring to resume operations in the coming days,” CEO Ahmed Fahour said in a statement.
