Cybercrime Update 11
11 April 2023
Latitude Financial has received a ransom demand from the criminals behind the cyber-attack on our company.
Latitude will not pay a ransom. This decision is consistent with the position of the Australian Government.
We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen.
In line with advice from cybercrime experts, Latitude strongly believes that paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks.
The stolen data the attackers have detailed as part of their ransom threat is consistent with the number of affected customers disclosed by Latitude in our announcement dated 27 March 2023.
This matter is under investigation by the Australian Federal Police and we continue to work with the Australian Cyber Security Centre and cyber-security experts on our response.
We are in the process of contacting all customers, past customers and applicants whose information was compromised, outlining details of the information stolen, the support we are providing and our plans for remediation. We will complete this process as quickly as we can.
We encourage all our customers to remain vigilant and alert to potential scam attempts.
To the best of our knowledge, there has been no suspicious activity inside Latitude's systems since Thursday 16 March 2023.
Regular business operations are being restored, with Latitude's primary Customer Contact Centre back online and operating at full capacity. We will respond to all customer enquiries as a priority. Customers can also access services via the Latitude website and mobile app. New customer originations have also recommenced.
Latitude maintains insurance policies to cover risks, including cyber-security risks, and we have notified our insurers in respect of this incident.
Latitude Financial CEO Bob Belan said:
"Latitude will not pay a ransom to criminals. Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.
"Our priority remains on contacting every customer whose personal information was compromised and to support them through this process.
"In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations.
"I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers."
Supporting our customers
Latitude is delivering a comprehensive customer care and remediation program to support affected individuals. Some of the steps we are taking include:
Latitude's dedicated contact centres are available for affected customers in Australia and New Zealand between 9am – 6pm AEST/NZST, Monday – Friday.
Additional support is available via our dedicated contact centres for customers who are in a uniquely vulnerable position as a result of this cyber-attack.
We have engaged IDCARE, a not-for profit organisation specialising in providing free, confidential cyber incident information and assistance. If you wish to speak with one of their expert Case Managers, please visit idcare.org or call (New Zealand) 0800 121 068, 11am – 6pm NZST, Monday – Friday (excluding public holidays) or (Australia) 1800 595 160 (use the referral code LAT23).
Mental Health and Wellbeing Support is available free of charge through our Support Line 0800 808 374 (New Zealand) or 1800 808 374 (Australia).
The Help page on our website is also being kept up to date with the latest information.
Media contact
Mark Gardy
Mark.Gardy@latitudefinancial.com
+61 412 376 817