Customers of a major Australian personal finance company, Latitude Financial, have detailed how they have been targeted by hackers as the company admits losing the personal information of more than 300,000 clients in a massive cyberattack.
On Thursday, digital payments and lending firm Latitude Group Holdings Ltd revealed that a hacker had stolen the personal information of up to 328,000 customers – in one of the most significant data breaches this year.
Latitude – the company behind Latitude 28° Mastercards and buy now, pay later service LatitudePay – went into a trading halt after a hacker stole personal information held by two service providers using an employee’s login credentials.
Brisbane woman Tanya Moran told Daily Mail Australia that the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre text message bombardment in the middle of the night.
Brisbane woman Tanya Moran said the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre text message bombardment in the middle of the night (pictured)
Ms Moran said her mother became wary when she received a series of texts from Latitude at 1.45am containing verification codes for purchases she had not made.
Ms Moran said Sharron then recieved strange phone calls at around 3.45am on Thursday morning.
‘We checked the number it was from scammers. So they seemed to have had access to all her information,’ she said.
‘We believe they were trying to get the verification codes.’
Ms Moran and her mother logged onto Sharron’s account at around 7.30am and saw ‘$300 worth of fraudulent charges’ on the Latitude 28° Global Platinum Mastercard.
‘We were unable to lock the card or do anything without speaking to Lattitude but their phones were affected so we have been waiting,’ she said.
Ms Moran said her mother was ‘switched on’ to the scammers but feared others would have ‘fallen for it’.
Latitude Financial said it had ‘experienced a data theft as the result of what appears to be a sophisticated and malicious cyber-attack’
Some customers were sent an email by Latitude alerting them their ‘personal information’ had been stolen.
The email read: ‘We’re writing to you directly to update you on a recent cyber-attack that Latitude Financial is actively responding to. Regrettably, the attack has resulted in the theft of some customer data.’
‘The attacker appears to have stolen personal information that was held by two Latitude service providers, impacting customers across both Australia and New Zealand.’
The company then emphasised most of the stolen data was identification documents, almost solely copies of customer’s drivers’ licenses.
‘As of today, we understand that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from one service provider.’
‘Approximately 225,000 customer records were stolen from a second service provider.’
‘Latitude apologises to its customers, particularly those who were impacted.’
‘Please be assured we will contact you directly if your personal information has been disclosed.’
‘We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack.’
Some customers received an email from Latitude informing them their ‘personal information’ had been stolen, but emphasised most of the data was copies of drivers licenses (pictured)
A Latitude customer noticed a strange transaction on their account on Tuesday night
Another Latitude customer said they noticed an odd transaction on their Latitude 28° card on Tuesday night.
‘I called the after hours emergency to lock my card. The call centre has been closed since,’ they said.
The transaction was for $1515.95 for a business called ‘Meta Store’.
The customer said he understood Meta to be the parent company of Facebook, and suggested the hacker may have used their card to ‘pay for advertisements’.
The customer said they were stunned as to why they weren’t asked for a verification code for a transaction of that size, as was ‘normal for online purchases’.
In a statement to Daily Mail Australia, Latitude Financial said it had ‘experienced a data theft as the result of what appears to be a sophisticated and malicious cyber-attack’.
‘We have alerted the relevant authorities and engaged cyber security specialists as we continue to do everything in our power to contain the breach, including isolating and removing access to some internal and customer-facing systems,’ it said.
Latitude customers have expressed their frustrations at what many described as poor customer service following the cyber-attack announcement (stock image pictured)
But angry customers took to Latitude’s Facbook to express their frustrations at what many described as poor customer service.
Many said they had attempted to contact Latitude to find if their details had been leaked but could not get through to speak to anyone.
‘As a customer I expect more clarity on what is preventing the provision of basic credit card company customer service,’ one said.
‘Are we going to be notified soon if our details have been stolen? Should we be changing our passwords? Hello? Is anyone f****** there?’
Others claimed they had noticed ‘fraudulent’ activity on their Latitude accounts.
A Latitude spokesperson responded by saying they didn’t ‘have an ETA’ as to when customer service lines would resume.
‘We’ll keep our page updated to let you know once we’re back online, please bear with us. Thank you for your patience,’ the spokesperson said.
Latitude in February shut down LatitudePay – a popular buy-now, pay-later service which was used at major retail chains including JB Hi-Fi, The Good Guys and David Jones (stock image pictured)
In February, the company shut down LatitudePay – a popular buy-now, pay-later service which was used at major retail chains including JB Hi-Fi, The Good Guys and David Jones.
LatitudePay allowed customers to spread the purchase cost of products over 10 weekly interest-free payments. The sudden closure of the service impacted more than 500,000 customers.
Latitude is yet to specify which arm of the business was affected by the recent hack.
The company disclosed that about 103,000 identification documents were stolen from the first unnamed service provider. More than 97 per cent of which were copies of drivers’ licences.
About 225,000 customer records were stolen from the second service provider.
Latitude said it had detected unusual activity on its systems over the last few days.
Australia has been hit by a slew of cyber attacks since late last year, with the largest being health insurer Medibank Private and Optus, the local unit of Singapore Telecommunications.
The Medibank attack affected 9.7million customers, while more than 2million Optus users were impacted in a separate data breach.