Latitude data breach exposed 14m clients

Latitude Financial Services, Australia’s largest non-bank lender, confirmed that a data breach resulted in millions of stolen driver’s licenses.

Attackers got hold of 7.9 million Australian and New Zealand driver’s license numbers and 6.1 million records, including customer names, addresses, telephone numbers, and dates of birth.

Additionally, 53,000 passport numbers were stolen, and a hundred Latitude clients had their monthly financial statements exposed.

The company also pointed out that 3.2 million of the stolen driver’s license numbers were provided to the company over the last decade, likely implying the data might be outdated. Most of the stolen 6.1 million records (94%) were provided to the company before 2013.

The company’s initial statement on March 16 said it believed the breach originated from a vendor used by Latitude. Attackers managed to acquire the login details of a Latitude employee and access the company’s systems.

“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers,” the statement said.

The same statement said that fewer than 400,000 records were stolen, an estimate that proved far off the real mark of 14 million. Latitude’s latest press update on March 27 said the lender would reimburse customers who choose to change their stolen IDs.

Latitude was established in 2015 after a consortium of investors consisting of KKR, Värde Partners, and Deutsche Bank bought Australian financial institutions from American conglomerate General Electric.

Unknown threat actors supposedly tried to sell 60GB of data stolen from Deutsche Bank by the infamous LockBit ransomware gang.

Australia has experienced a wave of major cyber attacks and data breaches in recent months.

First, threat actors stole data from Australia’s second-largest telecoms provider Optus. Later, attackers targeted Australia’s largest health insurer Medibank, the country’s largest telecoms company Telstra, IT services provider Dialog, and the Australian Woolworths subsidiary MyDeal.

The government responded by forming a hundred-strong squad for combating cybercriminals. Australia is flirting with the idea of taking over the IT systems of breached companies to better manage the fallout from cyberattacks.