Consumer lender Latitude Financial has vowed not to pay a ransom to those behind a massive cyber-attack that resulted in the largest-known data breach of an Australian financial institution.
Latitude, which offers personal loans and credit to customers at stores including JB Hi-Fi, The Good Guys and Harvey Norman, said on Tuesday that its position was in line with Australian government policies.
“Latitude will not pay a ransom to criminals,” Latitude’s chief executive, Bob Belan, said in a statement.
“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”
The lender said the stolen data the attackers detailed as part of a ransom was consistent with the updated number of affected customers disclosed by Latitude late last month.
Around 14m customer records, including driver’s licence numbers, passport numbers and financial statements, were stolen from its system in a cyber-attack that was far worse than the company initially reported.
The stolen details include 7.9m Australian and New Zealand driver’s licence numbers and 53,000 passport numbers. A further 6.1m customer records were also stolen, of which 5.7m were provided before 2013.
Many of the documents are viewed by cybersecurity experts as particularly sensitive, because they contain unique identifiers that can be used in conjunction with general information readily available about a person to potentially steal an identity.
The Latitude breach also raises questions about how companies store data and why many businesses retain copies of documents beyond the seven-year timeframe required for certain records. The attack is the latest in a series of major data breaches, following hacks at Optus and Medibank, among others.
after newsletter promotion
“People are now at constant risk of identity fraud – and worse – because organisations collect too much information, keep it too long, and store it insecurely,” said Justin Warren, the chair of Electronic Frontiers Australia. The digital rights group believes existing privacy protections are ineffective and must be reformed.
The government has opened up a public debate on the issue of cyber laws that could include giving expanded powers to federal agencies to intervene when private companies come under attack. The payment of ransoms could also be banned under legislative changes.
Latitude said regular business operations were being restored after it had taken its platforms offline in response to the attack.
“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process,” said Belan, who recently took over as chief executive from Ahmed Fahour.
#Latitude #Financial #vows #pay #ransom #hackers #wake #massive #data #breach #Cybercrime