Clients of a major Australian personal finance firm, Latitude Financial, have detailed how they are being targeted by hackers as the company admits to losing the personal information of more than 300,000 clients in a massive cyber-attack.
On Thursday, Latitude Group Holdings Ltd, a digital payments and lending company, revealed that a hacker had stolen the personal information of up to 328,000 customers – in one of the most significant data breaches this year.
Latitude – the company behind Latitude 28° Mastercards and buy now, pay later service LatitudePay – ceased trading after a hacker stole personal information from two service providers using an employee’s credentials.
Brisbane woman Tanya Moran told Daily Mail Australia that the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre text message bombing in the middle of the night.
Brisbane woman Tanya Moran said the first sign her 65-year-old mother Sharron had been targeted by scammers was a bizarre text bombing in the middle of the night (pictured)
Ms Moran said her mother became wary when she received a series of texts from Latitude at 1:45 am with verification codes for purchases she hadn’t made.
Ms Moran said Sharron started getting strange calls around 3:45am on Thursday morning.
“We checked whether the number came from scammers. So they seemed to have had access to all of her information,” she said.
“We think they were trying to get the verification codes.”
Ms. Moran and her mother logged into Sharron’s account around 7:30 AM and saw “$300 in fraudulent charges” on the Latitude 28° Global Platinum Mastercard.
“We couldn’t lock the card or do anything without talking to Lattitude, but their phones were affected, so we waited,” she said.
Ms Moran said her mother was ‘turned on’ for the scammers but feared others would have ‘fallen for it’.
Latitude Financial said it had “experienced data theft as a result of what appears to be a sophisticated and malicious cyberattack”
Some customers received an email from Latitude warning them that their “personal information” had been stolen.
The email read: “We are writing to you directly to update you on a recent cyber-attack to which Latitude Financial is actively responding. Unfortunately, the attack resulted in the theft of some customer data.’
“The attacker appears to have stolen personal information held by two Latitude service providers, impacting customers in both Australia and New Zealand.”
At the time, the company emphasized that most of the stolen data was identity documents, almost exclusively copies of customers’ driver’s licenses.
“As of today, we have learned that approximately 103,000 identification documents, more than 97% of which are copies of driver’s licenses, have been stolen from a single service provider.”
“Approximately 225,000 customer data were stolen from a second service provider.”
“Latitude apologizes to its customers, especially those affected by this.”
“Please rest assured that we will contact you directly if your personal information has been made public.”
“We are working with the relevant authorities and have engaged cybersecurity specialists as we continue to do everything we can to contain the attack.”
Some customers received an email from Latitude saying their “personal data” had been stolen, but stressed that most of the data was copies of driver’s licenses (pictured)
A Latitude customer noticed a strange transaction in his account on Tuesday night
Another Latitude customer said they noticed a strange transaction on their Latitude 28° card on Tuesday night.
“I called emergency services to lock my card. The call center has since closed,” they said.
The transaction was for $1515.95 for a company called ‘Meta Store’.
The client said he understood that Meta is Facebook’s parent company, and suggested that the hacker may have used their card to “pay for ads.”
The customer said they were stunned why they weren’t asked for a verification code for a transaction of that size, as was “normal for online purchases.”
In a statement to Daily Mail Australia, Latitude Financial said it had “experienced data theft as a result of what appears to be a sophisticated and malicious cyber-attack.”
“We have alerted the relevant authorities and engaged cybersecurity specialists as we continue to do everything we can to contain the breach, including isolating and removing access to some internal and customer-facing systems,” it said.
Latitude customers have expressed frustration with what many describe as poor customer service following the announcement of the cyberattack (stock image pictured)
But angry customers turned to Latitude’s Facebook to vent their frustrations over what many described as poor customer service.
Many said they had tried to contact Latitude to find out if their data had been leaked, but were unable to reach anyone.
“As a customer, I expect more clarity on what is hindering the delivery of basic customer service from credit card companies,” someone said.
‘Will we be notified soon if our data has been stolen? Should we change our passwords? Hello? Is someone goddamn there?’
Others claimed to have noticed “fraudulent” activity on their Latitude accounts.
A Latitude spokesperson responded by saying they had no “ETA” on when customer service would resume.
We’ll keep our page updated to let you know as soon as we’re back online, bear with us. Thank you for your patience,” said the spokesperson.
Latitude in February discontinued LatitudePay – a popular “buy-now, pay-later” service used at major retail chains including JB Hi-Fi, The Good Guys and David Jones (stock image pictured)
In February, the company shut down LatitudePay – a popular buy-now, pay-later service used at major retail chains including JB Hi-Fi, The Good Guys and David Jones.
LatitudePay allowed customers to spread the purchase cost of products over 10 weekly interest-free payments. The sudden closure of the service affected more than 500,000 customers.
Latitude has yet to specify which branch of the company was affected by the recent hack.
The company disclosed that approximately 103,000 identification documents were stolen from the first unnamed service provider. More than 97 percent of these were copies of driver’s licenses.
About 225,000 customer data were stolen from the second service provider.
Latitude said it had detected unusual activity on its systems over the past few days.
Australia has been hit by a slew of cyber attacks since the end of last year, with the largest health insurer Medibank Private and Optus, the local unit of Singapore Telecommunications.
The Medibank attack affected 9.7 million customers, while more than 2 million Optus users were affected in a separate data breach.