Latitude leak reveals personal financial data

Latitude Financial has revealed its recent data breach included much more than individual drivers’ licences and passports for those who have applied for or received credit from the organisation in Australia and New Zealand. It included personal financial data and employment history provided on loan applications.

A letter from Latitude Financial Services CEO Bob Belan advises that “In addition to our previous notification to you, our further analysis has determined that you have had additional information stolen. This information was provided by you at the time you made an enquiry or applied for a personal loan from Latitude.

“This information includes:

• General financial information that was used to assess your personal loan application which, where applicable, includes details about your employment, income, expenses, assets and liabilities.”

The extent of the Latitude data breach has grown more extensive in each announcement since it was initially revealed on March 16.

At first it was advised that the breach comprised personal information of 330,000 customers in Australia and New Zealand, of which 96% was copies of drivers' licences or drivers’ licence numbers.

A week later that was upped to 7.9 million Australian and New Zealand drivers licence numbers and a further 6.1 million records dating back to 2005, which included only basic personal information: name, address, telephone, date of birth.

Now the company has revealed the breach is far more extensive than initially advised, and includes sensitive personal financial information that could be utilised by criminal organisations.

Latitude confirmed it has been contacted by the group behind the hack demanding ransom but would not pay them.

“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen,” it said in a statement to the ASX.

Retailer Coles has been informed by Latitude that its credit card offering had been impacted by the breach, but has not said how many customers have been impacted.