Latitude reveals it has been hit with a ransom demand

Latitude Financial has been hit with a ransom demand from hackers who stole the details of millions of customers last month – but the company has insisted it will not be paying.

It said on Tuesday said it would not reward criminal behaviour and did not think coughing up the ransom money would see customers’ stolen information returned or destroyed.

About 7.9 million people had their driver’s licence details taken, and about 53,000 passport numbers were stolen in the hack, which was detected last month.

Latitude admitted an additional 6.1 million records dating back to at least 2005 were also poached, including names, addresses, telephone numbers and dates of birth.

Fewer than 100 customers had a monthly financial statement stolen, the consumer finance company told the ASX in March.

The attackers had, as part of their ransom threat, detailed stolen data consistent with Latitude’s disclosure about how many customers were affected, the company revealed.

‘Latitude will not pay a ransom to criminals,’ company chief executive Bob Belan said on Tuesday.

‘Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.

‘Our priority remains on contacting every customer whose personal information was compromised and to support them through this process. 

‘In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations. 

‘I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers.’ 

The March 16 hack stole around 14million pieces of personal information, including 7.9million driver’s licence numbers, 53,000 passport numbers and 6.1million customer records (stock)

The hack is under investigation by the Australian Federal Police while Latitude Financial work with the Australian Cyber Security Centre and cyber security experts to find its cause.

The firm added in its update: ‘We are in the process of contacting all customers, past customers and applicants whose information was compromised, outlining details of the information stolen, the support we are providing and our plans for remediation. 

‘We will complete this process as quickly as we can. We encourage all our customers to remain vigilant and alert to potential scam attempts. 

‘To the best of our knowledge, there has been no suspicious activity inside Latitude’s systems since Thursday 16 March 2023.’

News of the ransom comes after it was revealed law firms Hayden Stephens and Associates and Gordon Legal announced a potential class action against the company, which provides consumer finance services for David Jones, JB Hi-Fi, Apple, The Good Guys and Harvey Norman.

The law firms will investigate the hack as part of a potential class action and is urging customers to sign up for updates.

Lawyer Hayden Stephens said it must be established how the breach occurred and what harm has been passed on to Latitude customers.

‘Very much part of our investigation is to get answers to those questions,’ Mr Stephens, director of Hayden Stephens and Associates, told Sunrise. 

‘It is possible, even probable, that this breach could have been avoided.’ 

Mr Stephens previously told The Australian newspaper that the option for compensation was being explored. 

While all customers are encouraged to register for updates from the investigation, customers will likely need to prove harm suffered as a result of the breach in order to join a potential class action lawsuit.