Latitude Financial is responding to a cyber-attack that has resulted in the theft of personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand. We are directly contacting individuals whose information was compromised and we appreciate your patience and understanding as we continue to investigate this crime.
We will keep this page updated with information as it becomes available.
The Cyber Incident and Our Response
Latitude Financial is responding to a cyber-attack that has resulted in the theft of personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand.
Once the attack was discovered, we took immediate and decisive action, including isolating systems, taking them offline to protect personal information. Unfortunately, this action continues to cause disruption to our services. We are working around the clock to restore full service for our customers and partners.
We are well advanced in what has been a thorough, forensic investigation of our systems, supported by external cyber security specialists. This crime is also the subject of an Australian Federal Police investigation.
Latitude has received a ransom demand from the criminals behind the cyber-attack on our company and we will not be paying it.
The stolen data that the attackers have detailed as part of their ransom threat is consistent with the number of affected customers we’ve already disclosed and we’re continuing to work through the process of contacting individuals who have had information stolen.
The attack, including the identity of the criminal, is being investigated by the Australian Federal Police.
Latitude will not pay any ransom to these criminals. We believe it would be detrimental to our customers and Australian and New Zealand businesses to do so and would not result in the return or destruction of the information that has been stolen.
Our full statement on the ransom demand is available in our online newsroom.
Please refer to our website newsroom to read the latest information.
We are contacting individuals who have been impacted by this criminal act. Our immediate priority is to support those who have had Identification Documents compromised. We will confirm what personal information has been stolen, what we are doing to support them, and what they need to do now.
We are in the process of contacting impacted individuals to alert them to what’s been stolen, how we are supporting them and what they need to do.
Where we hold current email addresses, we have now emailed all customers where scans/images of identity documents have been compromised.
We are working with government agencies/departments to streamline the process and avoid impacted customers from being charged for any required replacement of their driver's licence.
If an impacted customer chooses to replace their licence before this process has been set up, we will reimburse them for the replacement cost.
We will be contacting those impacted via email where we have one on file, or by postal address.
Where we hold current emails addresses, we have now emailed all customers where scans/images of identity documents have been compromised.
If you have received a letter from Latitude and the person doesn’t live there anymore, please don’t open the letter. We’d appreciate it if you could please cross out the address, write return to sender on the envelope and put it in a mailbox near you.
We’re very sorry for any distress this has caused. We are notifying people who have been impacted by the cyber breach via their last known contact details and we were not aware this person is deceased.
We sincerely apologise that this has happened and assure you no action needs to be taken.
It is not the same for every impacted individual and will be detailed in the communication we send to them.
Both current and past customers could be impacted. Applicants (someone who either submitted or didn’t complete an application) could also be impacted. You will be notified as quickly as possible if your personal information has been stolen.
In 2015, Latitude Financial transitioned from GE Money in Australia and New Zealand. This means that Latitude took on responsibility for many of GE Money’s products and customers. GE Money offered a range of retail branded credit cards, including credit cards that were issued via retail stores.
Any time you applied for credit (including a credit card, interest free product, personal loan or motor loan), you may have applied through a retail store or broker partner of Latitude.
Any retail branded credit card or card issued via a retail store is managed by Latitude (previously GE Money). Customers should contact Latitude with any queries about these cards, including any questions related to the cyber attack - retailers are not able to provide any additional information.
What it means for your account
As part of our response to the recent cyber-attack, Latitude will reimburse customers who need to replace their stolen ID document.
Customers should complete this form if:
- You have received an email or letter from Latitude notifying you that some of your ID information was compromised and as a result, have replaced the relevant document OR
- You are seeking reimbursement for ID document replacement cost.
To complete this form, you will need to provide your reference number – this can be found on the notification email/letter that was sent to you confirming the details of your ID document that was compromised. If you have received multiple email/letters, the reference number will be in the most recent one.
You will also need to provide the BSB/Bank account number for the refund.
If you are claiming for multiple documents, you will need to raise a new form for each document.
Make a claim here
Existing Latitude customers can continue to make transactions on their Latitude credit card.
Yes, you are still required to make repayments on your account and scheduled Direct Debits are still being processed.
There is a delay in some payments showing on accounts in the mobile app. These payments have been processed to accounts and you will not incur additional costs as a result.
Latitude is required to collect and retain different types of information when you open your account or apply. These requirements continue after an account is closed.
We are working closely with law enforcement and government agencies and have not seen evidence of any stolen information being released to the dark web.
We encourage everyone to remain vigilant and alert to potential scam attempts. More information about additional steps you can take to further protect yourself is available on our website.
Latitude, like many other companies, uses third-party providers to deliver certain services, including to verify identity.
We are emailing people who have been impacted and where there is no email address, they will receive a letter. In our communications we will never share links, ask for passwords or sensitive information, or demand money.
Please give close consideration to the sender of any communication you receive.
If you receive any suspicious emails or texts, you can report them at www.scamwatch.gov.au.
Do not click on any links. To report a scam, please visit www.scamwatch.gov.au.
Our priority is the ongoing security of our customers’, partners’ and employees’ personal and identity information, while also doing everything we can to support customers and applicants who have had information stolen.
We are doing everything in our power to respond to the attack and protect customer data. We are working alongside external security experts to ensure we can secure and restore our systems as quickly as possible.
Existing customers can continue to make transactions on their Latitude credit card.
You can improve your cyber security by doing things such as setting up multi-factor authentication, securing accounts and being alert to potential fraud, scams and phishing attempts.
Steps you can take
You can contact one of Australia’s three credit reporting bodies to obtain your credit report and confirm if your identity has been used to obtain credit without your knowledge.
You can also request the agencies to place a credit ban or suspension on your credit file via their website or by contacting them directly. While a ban or suppression is in place it may be more difficult for you to apply for credit. For example, a credit provider may need to collect more personal information directly from you.
The links below take you directly to where you can make the request:
Credit Reporting Body
- You can refer to Australian Government information on how you can protect yourself at cyber.gov.au.
- You should be alert for any phishing scams that may be sent via SMS, phone, email or post.
- You should never click on links contained in SMS or email message unless you know they are legitimate.
- You should be careful when opening or responding to texts from unknown or suspicious numbers.
The Department of Foreign Affairs and Trade has confirmed that impacted passports remain safe to use for international travel. The physical passport is required at the border.
Your identity is protected by the Australian Passport Office through the use of robust controls, including facial recognition technology.
A photocopy of your passport can be used to take out a line of credit or otherwise conduct fraudulent transactions. Accordingly, we recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. You can read further information on our dedicated web page.
Our Contact Us page lists how you can reach out to us.
We are experiencing outages due to the cyber-attack and this is impacting our ability to speak to and respond to customers, including Complaints and Hardship Care requests. We are very sorry and understand the frustration and worry this causes. We are working to get back to everyone as quickly as possible.
The contact centre is available however we are experiencing longer than usual wait times to answer calls as we restore systems following a cyber-attack.
If you have submitted a webform, don’t worry we will respond, you don’t need to complete another one.