Fintech did not hack again with much breadth
Latitude Financial’s hacking attack is now one of the worst ever reported in this country, and you rightly wonder if it could mean the end of the company in its current form.
On Monday, Latitude confirmed that details of 14 million consumers were stolen from its computer systems in the recent cyber attack, including the driver’s license numbers of 7.9 million Australian and New Zealand customers.
Latitude provides consumer finance services to Harvey Norman, JB Hi-Fi, The Good Guys, Apple and recently signed up David Jones. The main product is an interest-free loan of up to 60 months, with strong marketing of the agreement through Harvey Norman in recent years.
Of the 7.9 million driver’s license numbers of Australian and New Zealand customers and applicants stolen in the attack, 3.2 million were supplied over the past decade.
According to Monday’s statement, victims include current and former Latitude customers stretching back more than 10 years, as well as applicants for consumer credit services that include Harvey Norman’s interest-free loans.
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologize unreservedly,” Latitude CEO Ahmed Fahour said in a release to the ASX.
“We are committed to working closely with affected customers and applicants to minimize the risk and disruption to them, including reimbursing the costs if they choose to replace their ID document. We are also committed to a full review of what has happened, said Fahour, who is stepping down from his post on Friday.
Latitude said it hasn’t detected any hacker activity on its systems since March 16 (which isn’t much consolation because activity had been detected before that date).
Latitude is working with the Australian Cyber Security Center and the incident is being investigated by the Australian Federal Police.
The company said around 53,000 passport numbers were also stolen in the attack. Separately, a further 6.1 million records from at least 2005 were stolen, with the vast majority pre-2005.
The information stolen includes some, but not all, of the following personal information: name, address, telephone number and date of birth.
Latitude said it would write to all customers and applicants whose information was stolen, detailing what was stolen and the remediation plans.
Latitude and its retail customers have not commented on the fate of the loans and other credit products given to customers – particularly the interest-free loans of the likes of Harvey Norman which had strict requirements on the person taking out the credit.
Potentially, anyone missing or falling behind on repayment plans could see all interest due and payable, but there has been no comment on the current and future position of those with these loans.
The hacking is not the fault of someone with a latitude credit transaction and the likes of Harvey Norman.
In addition, many of these people do not have the capacity to refinance to other credit providers, especially with their identification compromised.
Latitude said people can contact credit reporting agencies to find out if their details have been used, and they can also ask the credit reporting groups to suspend or place a credit freeze on their files.
But there’s a catch-22: “Please note that you will not be able to apply for credit while the ban or suspension is in place,” Latitude said in its statement on Monday.
Retailers such as Harvey Norman and the various credit reporting agencies have been silent on helping their customers since the story broke a fortnight ago.
Latitude shares fell 2.5% to $1.18 on Monday.
