The motive force licence info of 100 thousand Australians has been stolen after a serious client finance firm was focused with a “subtle and malicious cyber-attack”.

Latitude Monetary, a serious non-bank lender of client credit score in Australia boasting 2.8 million buyer accounts, revealed on Thursday that it had been breached following a big cyber assault this week.

To date, the corporate has recognized that 103,000 identification paperwork, almost all of that are copies of drivers’ licences, have been stolen, together with 225,000 buyer information.

It’s the newest main cyber-attack to befall a big Australian firm and impression tons of of hundreds of Australians, following the Optus and Medibank breaches final yr.

In keeping with Latitude Monetary’s replace to the market on Thursday, the corporate detected “uncommon exercise” on its programs “over the previous couple of days”, originating from a serious vendor utilized by the organisation.

The corporate mentioned it took “instant motion” however this didn’t stop the cyber attacker from acquiring Latitude worker login particulars.

These particulars had been then used to steal the private info held by two different Latitude service suppliers, the corporate mentioned.

“Latitude apologises to the impacted clients and is taking instant steps to contact them,” the corporate mentioned in an announcement to the ASX.

“Latitude is constant to answer this assault and is doing every part in its energy to include the incident and forestall the theft of additional buyer information, together with isolating and eradicating entry to some customer-facing and inside programs.”

Latitude Monetary has additionally knowledgeable the Australian Cyber Safety Centre, alerted the related legislation enforcement companies and engaged its personal cyber safety specialists.

A discover on the Latitude Monetary web site states its contact centres are “at present unavailable.”

latitude monetary internet discover

Latitude Monetary was established in 2015 after a consortium of buyers acquired it from GE, and relies in Melbourne. The corporate presents client finance within the type of private loans, bank cards, card loans, private insurance coverage and interest-free retail finance.

It’s the greatest non-bank lender of client credit score in Australia.

Latitude says that it has 2.8 million buyer accounts and greater than 5,500 service provider companions in Australia and New Zealand.

CEO and managing director Ahmed Fahour is because of depart Latitude Monetary in two weeks, having resigned in August 2022. He was beforehand the CEO of Australia Put up. Present Latitude Monetary govt normal supervisor of the Cash division, Bob Belan, takes over as CEO from 1 April.

Extra troubles

One other ASX-listed firm, IPH Restricted, additionally halted buying and selling earlier this week resulting from a cyber safety breach. The mental property legislation group has additionally notified the Australian Cyber Safety Centre, and mentioned that the breach primarily pertains to its doc administration programs and observe administration programs.

Information that will have been caught up within the breach might embrace enterprise administration paperwork, shopper paperwork and correspondence and IP case administration info.

“The investigation underway is targeted on figuring out whether or not the data saved in these programs has been accessed by the unauthorised third get together,” an organization assertion mentioned.

The corporate mentioned in an replace to the market that it detected “unauthorised entry to a portion of its IT atmosphere” earlier this week.

Australians are sadly changing into more and more used to having their extremely delicate private info caught up in information breaches.

Late final yr, main telecommunications agency Optus was struck by a cyber assault, with 9.8 million clients impacted.

Shortly after, non-public medical health insurance supplier Medibank additionally suffered a knowledge breach, with the attackers having access to all 9.7 million of its clients’ private particulars. This was apparently the results of a “rookie mistake,” with the programs accessed “utilizing a stolen Medibank username and password utilized by a 3rd get together IT service supplier”.

After Medibank refused to pay a ransom, the entire private information was ultimately dumped on the darkish internet.

Within the wake of those assaults, a government-appointed skilled advisory group is now contemplating main reforms to Australia’s “patchwork” of cyber insurance policies, with the federal authorities formulating a brand new cybersecurity technique.