The cybercriminals who attacked our business have sent a ransom demand to Latitude Financial.
Latitude won't contribute to a ransom. This choice is in line with the Australian Government's viewpoint.
In a statement, Latitude does not believe that paying a ransom will bring back or destroy stolen information, and we do not support rewarding criminal behaviour.
Bob Belan, the CEO of Latitude Financial, stated: "Latitude will not pay a ransom to criminals. There is simply no guarantee that doing so would result in any customer data being destroyed based on the evidence and recommendations, and it would only encourage future extortion attempts against Australian and New Zealand businesses.
"Our top priority continues to be getting in touch with every customer whose personal information was compromised and supporting them during this time," Belan said.
He said Latitude teams have been working simultaneously to restore our IT systems securely, replenish staffing levels to capacity, strengthen security measures, and resume normal operations.
"I personally and sincerely apologise for the anxiety that this cyber-attack has brought about, and I hope that over time we can regain the trust of our customers." He added.
According to the counsel of cybercrime specialists, Latitude is adamant that paying a ransom will harm our customers and the larger community by encouraging additional criminal attacks.
The number of affected customers identified by Latitude in our announcement dated March 27, 2023, is consistent with the stolen data the attackers have disclosed as part of their ransom threat.
The Australian Federal Police is looking into this incident, and we continue developing our response in collaboration with the Australian Cyber Security Centre and cybersecurity professionals.
"We are contacting all clients, former clients, and applicants whose information was compromised to provide information about the stolen data, the support we are offering, and our remediation plans. This procedure will be finished as quickly as possible", He added.
Latitude also advises our clients to be on the lookout for potential scams.
Since Thursday, March 16, 2023, there hasn't been anything suspicious inside Latitude's systems that we are aware of.
Latitude's main customer contact centre is back online and running at total capacity as regular business operations resume. As a result, every customer enquiry will receive a priority response from us. Customers can also use the Latitude website and mobile app to access services. Additionally, new customer originations have resumed.
Latitude has insurance policies to cover risks, including those related to cyber security, and we have informed our insurers about this incident.
To recall, The financial services company Latitude told the Australian Securities Exchange that the March data breach was much worse than first thought.
The Australian Federal Police is looking into this malicious attack on Latitude, and we're still cooperating with them, the Australian Cyber Security Centre, and our knowledgeable advisers on cyber security.
According to the company, since Thursday, March 16, 2023, no suspicious activity has been seen in Latitude's systems.
The forensic investigation is still ongoing, according to Latitude Financial CEO Ahmed Fahour. "We've determined that roughly 7.9 million Australian and New Zealand driver licence numbers were stolen, of which roughly 3.2 million, or 40%, were given to us in the last 10 years," the official said. Additionally, about 53,000 passport numbers were taken.
"A total of less than 100 customers had their monthly financial statements stolen, according to information we have gathered. We will compensate customers who decide to replace their stolen ID document. A further 6.1 million records, some of which date back to at least 2005, were also taken; of these, 5.7 million (94% of them) were provided before 2013 "Fahour declared.
The following identifying details, namely name, address, phone number, and date of birth, are included in these records, but not entirely. Latitude keeps insurance policies to cover risks, including cyber security risks, and we have informed our insurers about this incident.
"We sincerely apologize for what we know will be upsetting for many of our customers as a result of today's announcement. We're writing to all of our clients, former clients, and applicants whose information was compromised to explain what happened, what we're doing to fix it, and how you can help "Additionally, he said.
Fahour said "It is extremely disappointing that this incident has had such a significant impact on so many additional clients and applicants.” We sincerely apologize. To minimize the risk and disruption to impacted customers and applicants, we are committed to working closely with them. This includes paying the cost if they decide to replace their ID document. A thorough investigation of what happened is something else we are committed to.
He exhorts all of our clients to exercise caution and to be on the lookout for any activity that might be concerning to their accounts.
"We'll never get in touch with customers and ask for their passwords.” We're still working around the clock to get our operations back up and running safely. We are repairing the attack-damaged platforms as we resume operations in the coming days and have increased security monitoring in place. Customers and business partners are appreciated for their patronage and tolerance. On their Latitude credit card, customers can still make purchases." CEO of Latitude Financial, Ahmed Fahour, stated:
He stated that they keep working nonstop to safely resume our operations. We are repairing the attack-damaged platforms as we resume operations in the coming days and have increased security monitoring in place.
Monash University Professor of Practice Nigel Phair, Department of Software Systems & Cybersecurity, Faculty of Information Technology, said, “Customers of Latitude Financial need to be extra vigilant and keep an eye on all accounts for suspicious emails, text messages, or transactions. Any customers with greater concerns should contact Latitude to gain reimbursement for changing identity documents, including their driver’s license.”
On the other hand, the Minister of Cyber Security, Clare O’Neil said the Latitude decision is consistent with government advice.
She said cybercriminals cheat, lie, and steal. Paying them only fuels the ransomware business model. They commit to undertaking actions in return for payment, but so often re-victimize companies and individuals.
“ I want Australia to be the most cyber-secure country in the world by 2030. To do it, we need to stand strong together in the national interest and deny hackers and cheats any profits from their crimes,” she disclosed
The Latitude breach also makes us wonder how businesses store data and why so many keep copies of records for longer than the legal requirement of seven years. The hack is the most recent in a string of significant data breaches, including attacks on Optus and Medibank.
Before you go..
You can get RedWires AU for free right now. Your donation, no matter how big or small, will help us keep doing honest journalism.
The readers of Redwires AU are the engine that drives our publication. Add your support to the effort to create a sustainable future for journalism that does not make compromises in the AU.
In the world we live in now, accurate and thorough reporting and analysis are becoming more and more important. To stop the spread of false information, it's very important that everyone in Australia has access to good reporting.
The Redwires AU contributes to society by opening up access to information and resources for all people, rather than just a select few.
Our only goal is to educate the general public more thoroughly. If you believe in what we're trying to accomplish here, please consider making a contribution right away to ensure our success in the years to come.
Upgrade your subscription to get the most out of it. Join the growing number of people around the world who believe in the power of independent media.