Latitude cyberattack leads to data theft at two service providers

Latitude Financial Services (Latitude) has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems.

Latitude is one of Australia's largest personal loans provider and the country's largest non-bank consumer credit lender.

A subsidiary of Deutsche Bank and KKE, the firm provides a broad spectrum of consumer finance services, including unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance.

Moreover, Latitude provides major Australian retailers like Harvey Norman, JB Hi-Fi, David Jones, and The Good Guys with "buy now, pay later" (BNPL) schemes.

One breach leads to another

According to the 'cyber incident' notification, Latitude's internal systems were breached, allowing a threat actor to steal an employee's login. These credentials were then used for logging into two of the company's service providers to steal customer data.

"As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers' licenses, were stolen from the first service provider," explains Latitude.

"Approximately 225,000 customer records were also stolen from the second service provider."

Latitude has not clarified if the records from the second provider contain similar data as the first provider, i.e., ID and driver's licenses or other information.

BleepingComputer has requested a comment from the firm to clarify that, and we will update this story as soon as we receive a response.

Exposed customers are not expected to take any action to protect themselves at this time. However, it is recommended that they stay vigilant, as their stolen data may be used in phishing or social engineering attacks.

The company has shut down several internal and customer-facing systems while responding to the incident and says that the effort to contain the attack and prevent breaches or further customer data is still underway.

While the public announcement was made available to all customers, those determined to be directly impacted by the security incident will receive personal notifications.