Articles in this section

Latitude Cyber Incident Update

  • Updated

Latitude Financial is responding to a cyber-attack that has resulted in the theft of personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand.  We are directly contacting individuals whose information was compromised and we appreciate your patience and understanding as we continue to investigate this crime.

We will keep this page updated with information as it becomes available.

 

The Cyber Incident and Our Response

What’s happened?

Latitude Financial is responding to a cyber-attack that has resulted in the theft of personal information. The theft impacts customers, past customers and applicants across Australia and New Zealand. 

Once the attack was discovered, we took immediate and decisive action, including isolating systems, taking them offline to protect personal information. Unfortunately, this action continues to cause disruption to our services. We are working around the clock to restore full service for our customers and partners.

We are well advanced in what has been a thorough, forensic investigation of our systems, supported by external cyber security specialists. This crime is also the subject of an Australian Federal Police investigation.

I heard/read that the attackers are now demanding a ransom. Do they have more data?

Latitude has received a ransom demand from the criminals behind the cyber-attack on our company and we will not be paying it.

The stolen data that the attackers have detailed as part of their ransom threat is consistent with the number of affected customers we’ve already disclosed and we’re continuing to work through the process of contacting individuals who have had information stolen.

Who is behind the attack and will you be paying the ransom?

The attack, including the identity of the criminal, is being investigated by the Australian Federal Police.

Latitude will not pay any ransom to these criminals. We believe it would be detrimental to our customers and Australian and New Zealand businesses to do so and would not result in the return or destruction of the information that has been stolen.

Our full statement on the ransom demand is available in our online newsroom.

What have we communicated?

Please refer to our website newsroom to read the latest information. 

What are we doing?

We are contacting individuals who have been impacted by this criminal act. Our immediate priority is to support those who have had Identification Documents compromised. We will confirm what personal information has been stolen, what we are doing to support them, and what they need to do now.

When will I know if my information/data was accessed or stolen?

We are in the process of contacting impacted individuals to alert them to what’s been stolen, how we are supporting them and what they need to do.

Where we hold current email addresses, we have now emailed all customers where scans/images of identity documents have been compromised. 

We are working with government agencies/departments to streamline the process and avoid impacted customers from being charged for any required replacement of their driver's licence.

If an impacted customer chooses to replace their licence before this process has been set up, we will reimburse them for the replacement cost.

How will you contact those impacted?

We will be contacting those impacted via email where we have one on file, or by postal address.

Where we hold current emails addresses, we have now emailed all customers where scans/images of identity documents have been compromised. 

What should I do if I have received a letter from Latitude that is addressed to someone else?

If you have received a letter from Latitude and the person doesn’t live there anymore, please don’t open the letter. We’d appreciate it if you could please cross out the address, write return to sender on the envelope and put it in a mailbox near you. 

The person you have sent the letter to has deceased, why have you sent a letter?

We’re very sorry for any distress this has caused. We are notifying people who have been impacted by the cyber breach via their last known contact details and we were not aware this person is deceased.

We sincerely apologise that this has happened and assure you no action needs to be taken. 

What information has been stolen?

It is not the same for every impacted individual and will be detailed in the communication we send to them.

Is it just current customers or were previous customers impacted too?

Both current and past customers could be impacted. Applicants (someone who either submitted or didn’t complete an application) could also be impacted. You will be notified as quickly as possible if your personal information has been stolen. 

I have never signed up for a Latitude product, why have I been contacted?

In 2015, Latitude Financial transitioned from GE Money in Australia and New Zealand. This means that Latitude took on responsibility for many of GE Money’s products and customers. GE Money offered a range of retail branded credit cards, including credit cards that were issued via retail stores.  

Any time you applied for credit (including a credit card, interest free product, personal loan or motor loan), you may have applied through a retail store or broker partner of Latitude. 

Any retail branded credit card or card issued via a retail store is managed by Latitude (previously GE Money). Customers should contact Latitude with any queries about these cards, including any questions related to the cyber attack - retailers are not able to provide any additional information.

 

What it means for your account

How do I submit a claim for reimbursement of my ID document replacement costs?

As part of our response to the recent cyber-attack, Latitude will reimburse customers who need to replace their stolen ID document. 

Customers should complete this form if:

  • You have received an email or letter from Latitude notifying you that some of your ID information was compromised and as a result, have replaced the relevant document OR
  • You are seeking reimbursement for ID document replacement cost. 

To complete this form, you will need to provide your reference number – this can be found on the notification email/letter that was sent to you confirming the details of your ID document that was compromised. If you have received multiple email/letters, the reference number will be in the most recent one.   

You will also need to provide the BSB/Bank account number for the refund.

If you are claiming for multiple documents, you will need to raise a new form for each document.

Make a claim here

Can I still use my account?

Existing Latitude customers can continue to make transactions on their Latitude credit card.

Do I still need to pay my account?

Yes, you are still required to make repayments on your account and scheduled Direct Debits are still being processed. 

I have made a payment, but it isn't showing?

There is a delay in some payments showing on accounts in the mobile app. These payments have been processed to accounts and you will not incur additional costs as a result.

I closed my account, why have you kept my details?

Latitude is required to collect and retain different types of information when you open your account or apply. These requirements continue after an account is closed.

 

Security

Has my data been posted on the dark web?

We are working closely with law enforcement and government agencies and have not seen evidence of any stolen information being released to the dark web.

We encourage everyone to remain vigilant and alert to potential scam attempts. More information about additional steps you can take to further protect yourself is available on our website.   

Why did a 3rd party/service provider have my information?

Latitude, like many other companies, uses third-party providers to deliver certain services, including to verify identity.

This is covered in Latitude’s Privacy Policy, which is available on our website: https://www.latitudefinancial. com.au/privacy

I received a notification from Latitude, how do I know if it is legitimate?

We are emailing people who have been impacted and where there is no email address, they will receive a letter. In our communications we will never share links, ask for passwords or sensitive information, or demand money.

Please give close consideration to the sender of any communication you receive.

If you receive any suspicious emails or texts, you can report them at www.scamwatch.gov.au.

I received a suspicious email/SMS – what should I do?

Do not click on any links. To report a scam, please visit www.scamwatch.gov.au

There appears to be suspicious activity on my account – what should I do?

If you believe there's fraudulent activity on your account, contact us immediately so we can make sure your account is secure.

If you're concerned about a transaction or charge appearing on your account that may not be yours, you can raise a dispute and we will investigate it.

How do I know that my data is secure?

Our priority is the ongoing security of our customers’, partners’ and employees’ personal and identity information, while also doing everything we can to support customers and applicants who have had information stolen.

We are doing everything in our power to respond to the attack and protect customer data. We are working alongside external security experts to ensure we can secure and restore our systems as quickly as possible.

Existing customers can continue to make transactions on their Latitude credit card.

Is there anything I can do to further protect myself?

You can improve your cyber security by doing things such as setting up multi-factor authentication, securing accounts and being alert to potential fraud, scams and phishing attempts.

For more tips, please check out www.cyber.gov.auwww.cert.govt.nz or view our security information on our website.

Steps you can take

  • You can contact one of Australia’s three credit reporting bodies to obtain your credit report and confirm if your identity has been used to obtain credit without your knowledge.

  • You can also request the agencies to place a credit ban or suspension on your credit file via their website or by contacting them directly. While a ban or suppression is in place it may be more difficult for you to apply for credit. For example, a credit provider may need to collect more personal information directly from you.

The links below take you directly to where you can make the request:

Credit Reporting Body

Website

Illion

 https://www.illion.com.au/credit-report-ban-request
Equifax https://www.equifax.com.au/eform/submit/credit-ban
Experian https://www.experian.com.au/consumer/request-a-ban
  • You can refer to Australian Government information on how you can protect yourself at cyber.gov.au.
  • You should be alert for any phishing scams that may be sent via SMS, phone, email or post.
  • You should never click on links contained in SMS or email message unless you know they are legitimate.
  • You should be careful when opening or responding to texts from unknown or suspicious numbers.
Will I need to change my passport?

The Department of Foreign Affairs and Trade has confirmed that impacted passports remain safe to use for international travel. The physical passport is required at the border.

Your identity is protected by the Australian Passport Office through the use of robust controls, including facial recognition technology.

A photocopy of your passport can be used to take out a line of credit or otherwise conduct fraudulent transactions. Accordingly, we recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity.  You can read further information on our dedicated web page.

 

Contact Us

How do I get in touch with you?

Our Contact Us page lists how you can reach out to us.

We are experiencing outages due to the cyber-attack and this is impacting our ability to speak to and respond to customers, including Complaints and Hardship Care requests. We are very sorry and understand the frustration and worry this causes. We are working to get back to everyone as quickly as possible.

When will the contact centre be available?

The contact centre is available however we are experiencing longer than usual wait times to answer calls as we restore systems following a cyber-attack.

If you have submitted a webform, don’t worry we will respond, you don’t need to complete another one. 

Was this article helpful?
Return to top

Related articles

Connect With Us

The Latitude Group recommends that you read the Terms of Use and Privacy and Credit Reporting Policy of the website. The Latitude Group is a leader in consumer finance in Australia and New Zealand offering a range of services: including personal loans, car loans, credit cards, personal insurance, interest free and promotional retail. In Australia, the Latitude Group includes: Latitude Financial Services Australia Holdings Pty Ltd (ABN 46 603 161 100); Latitude Finance Australia (ABN 42 008 583 588 Australian Credit Licence Number 392145); Latitude Personal Finance Pty Ltd (ABN 54 008 443 810 Australian Credit Licence Number 392163) and Latitude Automotive Financial Services (ABN 80 004 187 419 Australian Credit Licence Number 392178) trading as Latitude Financial Services. LatitudePay Payment Plan provided by LatitudePay Australia Pty Ltd ABN 23 633 528 873. In New Zealand, the Latitude Group includes: Latitude Financial Services Limited (Company number 5624865). Latitude Financial Services, Level 18, 130 Lonsdale Street, Melbourne, Vic, 3000.