The biggest data breach in 2023 so far was at Latitude Financial, an Australian financial services company. The breach, discovered in March 2023, exposed the personal information of more than 14 million customers, including their names, addresses, driver’s licenses, and passport numbers.
Latitude Financial is a leading provider of personal loans, credit cards, and other financial products to consumers in Australia and New Zealand. The company has over 1.5 million customers and manages over $20 billion in assets.
The data breach is the largest in Australian history and has raised serious concerns about the security of personal information held by financial institutions. The Australian government has launched an investigation into the breach and has called for Latitude Financial to be more transparent about the incident. According to the cybersecurity hub during the breach of its network, the malicious actor was able to steal employee login credentials which they then used to steal personal customer information from two service providers.
Initial reports by Latitude Financial stated that the malicious actor had stolen the information of 328,000 customers, with the majority of these records being customers’ driver’s licenses. In an update on the attack on March 20, Latitude Financial confirmed that copies of passports, passport numbers, and Medicare numbers were all stolen in the breach. On March 27, Latitude Financial revealed that more than 14 million customers were affected in the breach.
The company posted in a statement about the breach that the data stolen included:
Let’s take a look at the timeline of events:
Latitude Financial has apologized for the breach and has said that it is taking steps to improve security. The company has also offered affected customers free credit monitoring and identity theft protection. The data breach at Latitude Financial is a reminder that no organization is immune to cyber-attacks. It is vital for consumers to be aware of the risks and to take steps to protect their personal information.
Personal information is and will always be highly sensitive and valuable, and its disclosure can have serious consequences for those impacted. It can result in a variety of undesirable effects, including identity theft, fraud, credit score deterioration, loss of savings, and even major legal difficulties.
Despite the fact that the organization responded fast to the hack and took many efforts to reduce the damage, the consequences of the breach have been considerable. Latitude’s reputation has suffered greatly, with several victims demanding greater accountability. It was chastised for how it handled the event, for collecting too much data and keeping it for an unduly long time.
Conducting regular assumed breach, threat simulation and vulnerability assessments/penetration testing will help to identify gaps in security controls. This will enable the organization to:
Organizations should work with vendors like WeSecureApp that provide a comprehensive plan to systematically uncover critical security risks and remediate issues before they can be exploited by malicious actors.