Latitude Financial’s hacking attack is now one of the worst ever reported in this country and you’d be right in wondering if it could mean the end of the company in its present form.
On Monday, Latitude confirmed that details of 14 million consumers were stolen from its computer systems in the recent cyberattack, including the driver’s licence numbers of 7.9 million Australian and New Zealand customers.
Latitude provides consumer finance services to Harvey Norman, JB Hi-Fi, The Good Guys, Apple and recently signed up David Jones. Its major product is an interest free loan of up to 60 months, with strong marketing of the deal though Harvey Norman in recent years.
Of the 7.9 million driver licence numbers of Australian and New Zealand customers and applicants to have been stolen in the attack, 3.2 million were supplied in the last decade.
According to Monday’s statement, the victims include current and former Latitude customers stretching back more than 10 years, as well as applicants for its consumer credit services that include Harvey Norman’s interest-free loans.
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident. We apologise unreservedly,” Latitude chief executive Ahmed Fahour said in a release to the ASX.
“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred,” said Fahour who retires from his position on Friday.
Latitude said it has not detected any hacker activity on its systems since March 16 (which is not much comfort because it had been detected any activity before that date).
Latitude is working with the Australian Cyber Security Centre and the incident is being investigated by the Australian Federal Police.
The company said about 53,000 passport numbers were also stolen in the attack. Separately, an additional 6.1 million records dating to at least 2005 were stolen, with the vast majority before 2005.
The information stolen includes some but not all of the following personal details: name, address, telephone number and date of birth.
Latitude said it would be writing to all customers and applicants whose information was stolen, outlining details of what was stolen and its remediation plans.
Latitude and its retailer customers have not made any comment on the fate of the loans and other credit products advanced to shoppers – especially the interest free loans for the likes of Harvey Norman which had stringent requirements for the person taking out the credit.
Potentially anyone missing or falling behind repayment schedules could see all the interest become due and payable, but there has been no comments on the current and future position of those holding these loans.
The hacking is not the fault of anyone with a credit transaction with latitude and the likes of Harvey Norman.
As well, many of these people do not have the capacity to refinance into other credit providers, especially with their identification compromised.
Latitude did say people can contact credit reporting bureaux to find out if their details have been used and they can also ask the credit reporting groups to suspend or put a credit ban on their file.
But there’s a catch 22: ” Please be aware that you will not be able to apply for credit while the ban or suspension is in place,” Latitude said in its statement on Monday.
Retailers like Harvey Norman and the various credit reporting bureaux have been silent about helping their customers since the story broke a fortnight ago.
Latitude shares fell 2.5% to $1.18 on Monday.