Latitude is responding to a cyber-attack and regretfully we're experiencing service disruption as we secure our IT platforms. We’re sorry for the inconvenience and appreciate your patience and understanding as we continue to investigate this crime.
We will keep this page updated with information as it becomes available.
If you have an urgent matter, please log a ticket via our help centre.
What’s happened?
Latitude Financial is responding to a cyber-attack that has resulted in the theft of
personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand.
Once the attack was discovered, we took immediate and decisive action, including isolating systems, taking them offline to protect personal information. Unfortunately, this action continues to cause disruption to our services. We are working around the clock to restore full service for our customers and partners.
We are well advanced in what has been a thorough, forensic investigation of our systems, supported by external cyber security specialists. This crime is also the subject of an Australian Federal Police investigation.
What we have communicated on 27 March 2023
Please refer to our online newsroom to read the latest cybercrime update.
What we are doing
We are contacting individuals who have been impacted by this criminal act. Our immediate priority is to support those who have had Identification Documents compromised. We will confirm what personal information has been stolen, what we are doing to support them, and what they need to do now.
When will I know if my information/data was accessed or stolen?
We are in the process of contacting impacted individuals to alert them to what’s been stolen, how we are supporting them and what they need to do. We will help them replace identification documents, where necessary, at no cost.
We will be sharing with them information whether it is necessary to replace identification and, if so, how. Our website will be updated with this information.
How will you contact those impacted?
We will be contacting those impacted via email where we have one on file, or by postal address. The 330,000 customers we originally identified as impacted have already been notified.
For the additional group of customers that we have identified as impacted, we have begun a process to proactively communicate with them as soon as possible.
Can I still use my account?
Existing Latitude customers can continue to make transactions on their Latitude credit card.
Do I still need to pay my account?
Yes, you are still required to make repayments on your account and scheduled Direct Debits are still being processed.
There may be a delay in some payments showing up on accounts in the Mobile App and you will not incur any additional costs because of this.
What information has been stolen?
It is not the same for every impacted individual and will be detailed in the communication we send to them.
Why did a 3rd party/service provider have my information?
Latitude, like many other companies, uses third-party providers to deliver certain services, including to verify identity, and to meet our regulatory obligations to retain account records for at least 7 years. This is covered in Latitude’s Privacy Policy, which is available on our website: https://www.latitudefinancial. com.au/privacy
I closed my account, why have you still kept my details?
Latitude is required to retain account records for at least 7 years after an account is closed. This is to comply with Anti-Money Laundering and counter terrorism financing laws. In light of the theft of personal information, we are reviewing our data retention policies.
Is it just current customers or were previous customers impacted too?
Both current and past customers could be impacted. Applicants (someone who either submitted or didn’t complete an application) could also be impacted. You will be notified as quickly as possible if your personal information has been stolen.
I received a notification from Latitude, how do I know if it is legitimate?
We are emailing people who have been impacted and where there is no email address, they will receive a letter. In our communications we will never share links, ask for passwords or sensitive information, or demand money.
Please give close consideration to the sender of any communication you receive.
If you receive any suspicious emails or texts, you can report them at www.scamwatch.gov.au.
There appears to be suspicious activity on my account – what should I do?
If you believe there's fraudulent activity on your account, contact us immediately so we can make sure your account is secure.
If you're concerned about a transaction or charge appearing on your account that may not be yours, you can raise a dispute and we will investigate it.
I received a suspicious email/SMS – what should I do?
Do not click on any links. To report a scam, please visit www.scamwatch.gov.au. or www.cert.govt.nz
Will I need to change my passport?
The Department of Foreign Affairs and Trade has confirmed passports do not need to be replaced, you can read their advisory here
How do I know that my data is secure?
Our priority is the ongoing security of our customers’, partners’ and employees’ personal and identity information, while also doing everything we can to support customers and applicants who have had information stolen. We are doing everything in our power to respond to the attack and protect customer data. We are working alongside external security experts to ensure we can secure and restore our systems as quickly as possible.
How do I get in touch with you?
Our Contact Us page lists how you can reach out to us.
We are experiencing outages due to the cyber-attack and this is impacting our ability to speak to and respond to customers, including Complaints and Hardship Care requests. We are very sorry and understand the frustration and worry this causes. We are working to get back to everyone as quickly as possible.
When will the contact centre be available?
We are working hard to get up and running and respond to customers. We will let you know as soon as we can.
Is there anything I can do to further protect myself?
You can improve your cyber security by doing things such as setting up multi-factor authentication, securing accounts and being alert to potential fraud, scams and phishing attempts.
For more tips, please check out www.cyber.gov.au, www.cert.govt.nz or view our security information on our website.
Steps you can take
-
You can contact one of Australia’s three credit reporting bodies to obtain your credit report and confirm if your identity has been used to obtain credit without your knowledge.
-
You can request the credit reporting bodies to place a credit ban on your credit file via their website or by contacting them directly. If you intend to apply for a credit ban, please be aware that you will not be able to apply for credit while the ban is in place.
The links below take you directly to where you can make the request:
Credit Reporting Body |
Contact Information |
Website |
Illion |
1300 734 806 |
https://www.illion.com.au/credit-report-ban-request |
Equifax |
138 332 |
https://www.equifax.com.au/eform/submit/credit-ban |
Experian |
1300 783 684 |
https://www.experian.com.au/consumer/request-a-ban |
- You can refer to Australian Government information on how you can protect yourself at cyber.gov.au.
- You should be alert for any phishing scams that may be sent via SMS, phone, email or post.
- You should never click on links contained in SMS or email message unless you know they are legitimate.
- You should be careful when opening or responding to texts from unknown or suspicious numbers.