Australian consumer finance company Latitude Group Holdings Ltd has announced that one of the largest confirmed data breaches in the country has resulted in the theft of almost 8 million driver’s licence numbers from Australia and New Zealand.
The cyber attackers also gained access to more than 6 million customer records, including around 53,000 passport numbers. The company has described the breach as a “distressing development” and has expressed concern that the attack affected far more customers than was initially disclosed.
Scope of the Attack
Latitude Group’s initial statement, released on March 16th, suggested that the breach had only affected around 103,000 licences. However, further investigations have now revealed that the attackers stole the driver’s licence numbers of nearly 8 million customers. This puts the breach in the same category as two of the largest Australian data thefts: Singapore Telecommunications’ Optus and medical insurer Medibank Private. Both companies suffered attacks late last year that resulted in the theft of around 10 million customer accounts.
The Australian government has introduced penalties for companies that fail to protect customer data. This move is part of a broader overhaul of the national cybersecurity strategy that is currently underway. “Cyber attacks are a growing threat and will become a more routine part of our lives for years to come, and this incident is another reminder of the importance of improving Australia’s cyber security and privacy settings,” commented Cyber Security Minister Clare O’Neil.
Latitude Group has reassured customers that its insurance covers cyber security risks. The company is working with authorities to manage the fallout from the attack and has implemented additional security measures to protect against future breaches. CEO Ahmed Fahour stated in a press release that the company is “rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days.”
Shares in Latitude Group fell 2.5% following the announcement of the data breach, with investors concerned that the company’s exposure may be worse than previously thought. “Whenever investors hear of a data breach, they tend to assume the worst,” commented Matt Simpson, Senior Market Analyst at City Index.
Latitude Group’s announcement highlights the importance of maintaining strong cybersecurity measures in the face of a growing threat landscape. The company’s response to the attack shows the value of having appropriate insurance coverage in place to protect against the financial implications of a data breach. However, the breach also underscores the need for all companies to be vigilant in their efforts to safeguard sensitive customer data.