A major security breach has led to the theft of the data of 14 million Australians and New Zealanders.
Consumer finance company Latitude Group’s systems confirmed on Monday that the records were stolen from its systems in a hack detected a fortnight ago.
WATCH THE VIDEO ABOVE: Latitude Financial forced to admit the data of 14 million customers has been stolen
Looking for a new job or job candidate? Post jobs and search for local talent on 7NEWS Jobs >>
About 7.9 million people had their drivers licence details taken and around 53,000 passport numbers were stolen.
Latitude admitted in a statement that an additional 6.1 million records dating back to at least 2005 were also poached in this month’s hack, including names, addresses, telephone numbers and dates of birth.
Fewer than 100 customers had a monthly financial statement stolen, the consumer finance company told the ASX on Monday.
“We recognise that today’s announcement will be a distressing development for many of our customers and we apologise unreservedly,” the company said.
“We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation.”
Latitude will reimburse customers if they choose to replace their identity documents, the company said.
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident,” CEO Ahmed Fahour said, pledging a full review into what occurred.
He warned customers now needed to be extra careful with cyber security.
“We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords, “he said.
“We continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days.”
Latitude disclosed on March 16 that a few days earlier it had detected a “sophisticated and malicious cyber-attack” on its systems, but at the time thought it involved hundreds of thousands of customer records, not millions.
The federal minister for cyber security Clare O’Neil said the announcement of the latest data breach was deeply concerning.
“The government shares the frustration and concern experienced by many citizens who fear their data may now have been stolen on multiple occasions,” she said.
“Latitude Financial is cooperating with government in responding to this incident, and we expect the company to continue to swiftly provide the government with all information it needs.”
O’Neil said it remained the government’s position that no customer should bear the cost of a data breach and the government was working with Latitude to ensure affected customers were protected from immediate and future risks.
She said the government had created the National Coordination Mechanism in March to coordinate state and federal agencies to provide support to Latitude and its customers, whose members had met five times already.
Australian Federal Police investigating
Opposition spokesman for cyber security, Senator James Patterson tweeted that the data breach was distressing news for Latitude’s customers.
“The government must swiftly provide calm, factual information about the implications of the attack and any steps customers should take to mitigate the threat,” he wrote.
The Australian Federal Police is investigating and the company is working with the Australian Cyber Security Centre and outside advisers.
The breach is the latest to hit millions of Australians, with large firms including Optus and Medibank recently announcing significant cyber incidents.
Nigel Phair works within the Department of Software Systems & Cybersecurity at Monash University.
He said in today’s environment all online consumers needed to guard their personal identities while operating in the online environment, and Latitude’s customers would now need to be extra careful.
Customers of Latitude needed to keep an eye on all accounts for any suspicious emails, text messages or transactions,” he said.
If you’d like to view this content, please adjust your .