Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Latitiude Financial cyberattack exposes the data of more than 300,000 customers in NZ and Australia

Friday, 17 March 2023

Latitiude Financial
Latitiude Financial's cyberattack may have exposed the data of more than 300,000 customers in NZ and Australia.

More than 300,000 people across New Zealand and Australia could have had their privacy breached in a cyber-attack on finance company Latitude Financial.

It operated Genoapay, Gem Visa and GO Mastercard as well as 28° Global, Infinity Rewards and Low Rate credit cards, Latitude personal loans and vehicle loans.

The attacker appeared to have stolen personal information that was held by two Latitude service providers, affecting customers across both Australia and New Zealand, the company said in an announcement to the Australian share market.

About 103,000 identification documents, more than 97% of which were copies of drivers’ licenses, were stolen from one service provider, while about 225,000 customer records were stolen from a second service provider.

**READ MORE:

* BNZ customers warned about scammers asking for personal details in text messages

* Banks pay compensation over failures to protect customers from fraud

New AI-powered chatbots are creating new tools for cyber criminals, Norton Antivirus' systems engineer Dean Williams says.

* MetService anticipates future DDoS cyberattacks in coming days

**

Latitude apologised to its customers, particularly those who were impacted.

“Please be assured we will contact you directly if your personal information has been disclosed,” Latitude Financial chief operating officer Andrew Walduck said in an email to customers.

“We are working with the relevant authorities and have engaged cybersecurity specialists as we continue to do everything in our power to contain the attack.”

Genoapay was still able to be used until its planned closure on April 11 and customers should have confidence in using it, he said.

“Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available.”

Latitude said a 'major vendor used by Latitude' was targeted in the attack.

Although Latitude took immediate action the attacker was able to obtain Latitude employee login credentials before the incident was isolated.

'The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”

It was in a trading halt until Monday.

A Privacy Commission spokesperson said its office was notified of the breach on Thursday.

“We are working with them as they seek to understand the size and scope of the breach.

“Our focus in these early stages is to provide agencies who have experienced a breach with advice on how minimise the harm caused by the breach on the individuals impacted.”