A major cyber attack on a supplier of authentication services for Latitude Financial has resulted in a large-scale leak of personal data for the company’s clients. Latitude Financial had to take action by disabling its networks, stopping customer services and even suspending the trading of shares. The supplier responsible for the leak remains unidentified.
The leaked accounting data of employees were used to access the systems of two other service providers, which Latitude Financial uses to verify individuals. Over 100,000 identification documents were accessed from one service provider and over 225,000 client records from another. This data included sensitive information such as driver’s licenses, passports and medical insurance cards.
In Australia, financial transactions require several forms of identification to open accounts, so Latitude Financial stores this personal data. However, the leak also affected clients in New Zealand.
According to a statement from Latitude Financial, the attack is ongoing and has left the company unable to serve its customers and trading partners. The company hopes to restore their systems and services gradually over the next few days.
The disabling of Latitude Financial’s services has had a ripple effect on large Australian retail sellers, including Apple, who cannot access Latitude’s consumer credit products offered as alternative payment methods. Latitude Financial warns its former and current customers that they can expect to experience leaks of their personal data, following the breach.