Latitude Cyber Response
Information, updates and support for those affected
Latitude Financial was subject to a cyber-attack in March that resulted in the theft of personal information. The theft affects customers, past customers and applicants in Australia and New Zealand.
What we are doing
We acted immediately to contain the attack and engaged with external cyber-security experts, the Australian Cyber Security Centre, the Australian Federal Police and relevant government agencies.
We notified customers and applicants affected by the breach by email or letter, where we had contact details, telling them what personal information has been stolen and the support we are providing or is available to them.
These were customers and applicants in Australia and New Zealand who had one or more of the following compromised:
- Approximately 7.9 million driver licence numbers and some but not necessarily all of: name, address, telephone and date of birth
- Approximately 103,000 copies of driver licences or passports
- Approximately 53,000 passport numbers
- Less than 100 monthly account statements
- Income and expense information used to assess approximately 900,000 loan applications, including approximately 308,000 bank account numbers (but not passwords) for the disbursement of funds and approximately 143,000 credit card or credit card account numbers (but not card expiry or 3-digit CVC) for debt consolidation, the overwhelming majority of which are expired or closed.
Customers and applicants can also refer to A Statement of Notification on the Latitude website for an overview of the personal information that was compromised.
Support for affected customers
The security and safety of our customers is our number one priority.
Affected individuals wanting to contact Latitude should call:
Australia call 1300 793 416 9am to 6pm, Monday — Saturday (excluding public holidays)
New Zealand call 0800 777 885 9am to 6pm, Monday — Friday (excluding public holidays)
Support is available for customers placed in a uniquely vulnerable position because of this incident. Our contact centre teams are able to provide direct access to the support we have available.
Where needed we will reimburse customers for the replacement cost of their stolen ID document.
We have also partnered with IDCARE to help support those affected. IDCARE is Australia and New Zealand's national identity and cyber support service. Their expert Case Managers can work with affected individuals to provide advice on specific concerns about the theft of personal information. Please visit https://www.idcare.org/latitude-incident-response or call 1800 595 160 (Australia) or 0800 121 068 (New Zealand) and use referral code LAT23.
Answers to your questions
For updates or further information, you can read the FAQs at our online Help Centre by clicking on these links:online newsroom.
Steps you can take to protect yourself
There are immediate precautions that you can take to protect yourself from cybercrime:
- Contacting one of Australia's credit reporting agencies for a credit report so you can check if your identity has been used to obtain credit without your knowledge.
In New Zealand, check your credit record to confirm if your identity has been used to obtain credit without your knowledge. Please refer to www.govt.nz/browse/consumer-rights-and-complaints/debt-and-credit-records/check-your-own-credit-report for further information.
- You can request the agencies to place a credit ban or suspension on your credit file via their website or by contacting them directly. While a ban or suppression is in place it may be more difficult for you to apply for credit. For example, a credit provider may need to collect more personal information directly from you.
We urge customers to be vigilant with all online communications and transactions including:
- Staying alert for any phishing scams via SMS, phone, post or email.
- Always verifying the sender of any communications received to make sure they're legitimate.
- Not opening texts from unknown or suspicious numbers.
- Updating passwords regularly with 'strong' passwords, not re-using passwords and activating multi-factor authentications when available on any online accounts.
If you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website.
In New Zealand You can refer to the Office of the Privacy Commissioner for information privacy.org.nz
If you wish to report a scam or a vulnerability, go to ScamWatch.
1800 808 374 (AU) or
0800 808 374 (NZ).