Major retailers like Apple, JB Hi Fi, David Jones and especially Harvey Norman will have to find new sources of consumer finance and quickly after more news that the hacking crisis at their major provider, Latitude Financial, has worsened considerably.
Latitude Financial told the ASX on Monday that it been forced to stop adding new customers from clients such as Apple, Harvey Norman and JB Hi-Fi because the hacking is going on.
The hacking attack is now the subject of an Australian Federal Police (AFP) investigation and the investigation is spreading.
The company told the market that it “is still assessing the anticipated total cost to it of this incident, including the cost to Latitude of the support we intend to provide our customers as described in this announcement.”
“Latitude maintains insurance policies to cover risks, including cyber security risks, and we have notified our insurers in respect of the incident.”
Latitude said the details were stolen from service providers it uses. The company did not clarify further, but this is believed to refer to companies that provide corporate services to Latitude.
“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” the company said in its Monday statement.
Latitude also provided a breakdown of the customer data stolen to date.
The vast majority – 96% – were driver’s licences or driver’s licence numbers, while less than 4% was copies of passports or passport numbers and less than 1% was Medicare cards.
From yesterday, it will begin informing affected customers and applicants about what data was stolen and what the company is doing about it.
It has also set up dedicated contact centres for affected customers in Australia and New Zealand.
“Our focus is on protecting the ongoing security of our customers, partners and employees’ personal and identity information,” chief executive Ahmed Fahour said.
Because the cyber-attack remains active, Latitude Financial said it was taking some of its systems for customers and merchant partners offline. But the company said it was working to gradually restore them to service in coming days.
Latitude reported a weak performance in its 2022 financial year with cash earnings after tax down 23% to $153 million. The company’s shares remain suspended with a return to trading due on March 22. They last traded at $1.205 and it is hard seeing that level maintained when dealings resume.