Latitude Financial was subject to a cyber-attack in March that resulted in the theft of personal information. The theft affected customers, past customers and applicants across Australia and New Zealand.
The Cyber Incident and Our Response
Latitude Financial responded to a cyber-attack in March that resulted in the theft of personal information. The theft affected customers, past customers and applicants across Australia and New Zealand.
We acted immediately to contain the attacked, including taking systems offline to protect personal information. While our systems and services are now fully restored, this action caused disruption to our services for approximately six weeks.
Latitude received a ransom demand from the criminals behind the cyber-attack but refused to pay the ransom, as we stated publicly at the time.
The stolen data that the cybercriminals detailed as part of their ransom threat was consistent with the number of affected customers we had already disclosed. Latitude spent several weeks contacting by email or letter the individuals who have had information stolen.
The attack, including the identity of the criminal, is subject of an investigation by the Australian Federal Police.
Latitude will not pay any ransom to the criminals. We believe it would be detrimental to our customers and Australian and New Zealand businesses to do so and would not result in the return or destruction of the information that has been stolen.
Our full statement on the ransom demand is available in our online newsroom.
Please refer to our website newsroom to read the latest information.
We contacted individuals who were affected by the incident, prioritising those who had Identification Documents compromised. We confirmed with the affected individuals what personal information was stolen, what action they needed to take and what support was available to them.
We worked with government agencies/departments to streamline the document replacement process and where possible to waive any charge. Where customers had to or chose to replace identification documents at their own cost, Latitude is reimbursing the cost of the documents.
We contacted all affected individuals, where we had an email or postal address, to alert them to what information was stolen, how we are supporting them and what action they should take.
You can find further information under the Latitude cyber incident tab on our website.
If you have received a letter from Latitude and the person doesn’t live there anymore, please don’t open the letter. We’d appreciate it if you could please cross out the address, write return to sender on the envelope and put it in a mailbox near you.
We’re very sorry for any distress this has caused. We notified people who were affected by the cyber breach via their last known contact details, unless alerted otherwise.
We sincerely apologise that this has happened and assure you no action needs to be taken.
The information that was stolen was identify information collected at the point of application or for opening an account.
It is different for each affected individual and was detailed in the communication we sent to them.
Both current and past customers were affected as well as applicants (someone who either submitted or didn’t complete an application).
In 2015, Latitude Financial transitioned from GE Money in Australia and New Zealand. This means that Latitude took on responsibility for many of GE Money’s products and customers. GE Money offered a range of retail branded credit cards, including credit cards that were issued via retail stores.
Any time you applied for credit (including a credit card, interest free product, personal loan or motor loan), you may have applied through a retail store or broker partner of Latitude.
Any retail branded credit card or card issued via a retail store is managed by Latitude (previously GE Money). Customers should contact Latitude with any queries about these cards, including any questions related to the cyber incident - retailers are not able to provide any additional information.
What it means for your account
As part of our comprehensive support package, Latitude will reimburse customers who need to replace their stolen ID document.
Customers should complete this form if:
- You received an email or letter from Latitude notifying you that some of your ID information was compromised and as a result, have replaced the relevant document OR
- You are seeking reimbursement for ID document replacement cost.
To complete this form, you will need to provide your reference number – this can be found on the notification email/letter that was sent to you confirming the details of your ID document that was compromised. If you received more than one email or letter, the reference number will be from the most recent one.
You will also need to provide the BSB/Bank account number for the refund.
If you are claiming for multiple documents, you will need to raise a new form for each document.
Make a claim here
Our services are fully restored and we have completed a comprehensive review of our security.
Yes, you are required to make repayments on your account.
Latitude is required to collect and retain different types of information when you apply for or open an account.
These requirements continue after an account is closed.
There is no evidence of any stolen information being released to the dark web.
We encourage everyone to remain vigilant and alert to potential scam attempts.
More information about additional steps you can take to protect yourself is available on our website.
There is no evidence of any stolen information being released to the dark web or being used by cybercriminals.
We encourage everyone to remain vigilant and alert to potential scam attempts. More information about additional steps you can take to protect yourself is available on our website.
In our communications we will never ask for passwords or sensitive information, or demand money.
Please give close consideration to the sender of any communication you receive.
If you receive any suspicious emails or texts, you can report them at www.scamwatch.gov.au
Do not click on any links. To report a scam, please visit www.scamwatch.gov.au.
We have further enhanced our security following the incident.
Our priority is the ongoing security of our customers’, partners’ and employees’ personal and identity information, while we continue to do everything we can to support customers and applicants who had information stolen.
You can improve your cyber security by doing things such as setting up multi-factor authentication, securing accounts and being alert to potential fraud, scams and phishing attempts.
Steps you can take
- You can contact one of Australia’s three credit reporting bodies to obtain your credit report and confirm if your identity has been used to obtain credit without your knowledge.
- You can also request the agencies to place a credit ban or suspension on your credit file via their website or by contacting them directly. While a ban or suppression is in place it may be more difficult for you to apply for credit. For example, a credit provider may need to collect more personal information directly from you.
The links below take you directly to where you can make the request:
Credit Reporting Body
- You can refer to Australian Government information on how you can protect yourself at cyber.gov.au.
- You should be alert for any phishing scams that may be sent via SMS, phone, email or post.
- You should never click on links contained in SMS or email message unless you know they are legitimate.
- You should be careful when opening or responding to texts from unknown or suspicious numbers.
The Department of Foreign Affairs and Trade confirmed that affected passports are safe to use for international travel. The physical passport is required at the border.
Your identity is protected by the Australian Passport Office through the use of robust controls, including facial recognition technology.
A photocopy of your passport can be used to support fraud activity. Accordingly, we recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. You can read further information on our dedicated web page.
Our Contact Us page lists how you can reach out to us.
The contact centre is available and fully operational.