Harvey Norman, JB Hi-fi customers hit in Latitude finance hack

Consumer finance provider Latitude Financial has been forced to stop adding new customers from clients such as Apple, Harvey Norman and JB Hi-Fi as it tries to contain the damage from hackers which are still active in its computer systems. The attack is now the subject of an Australian Federal Police investigation.

In an update to the ASX on Monday, Latitude said the number of victims is expected to grow but confirmed the hackers had stolen the personal details of at least 330,000 finance customers, with 96 per cent of the theft relating to copies of driver’s licences or driver’s licence numbers, and about four per cent relating to passports.

“I understand fully the wider concern that this cyberattack has created within the community”: Latitude Group chief executive Ahmed Fahour.Credit:Arsineh Houspian

Latitude said the AFP was now investigating the attack as it worked to contain the attackers and take some of its systems offline, which meant it would not be able to add new customers. Latitude’s finance services include the no-deposit, interest-free payment option offered by Harvey Norman stores.

“I sincerely apologise to our customers and partners for the distress and inconvenience this criminal act has caused. I understand fully the wider concern that this cyberattack has created within the community,” said Latitude chief executive Ahmed Fahour who retires at the end of this month.

He said the company’s focus is on protecting the ongoing security of its customers’, partners’ and employees’ information while supporting those who had their data stolen. He also acknowledged the disruption to its new customer business.

“While we continue to deliver transaction services, some functionality has been affected resulting in disruption. We are working extremely hard to restore full services to our customers and merchant partners and thank them for their patience and support. We understand the frustration,” he said.

Last Thursday, Latitude first revealed it had been the victim of a hacking incident with identification documents of 328,000 customers stolen.

Latitude said the details were stolen from service providers it uses. The company did not clarify further, but this is believed to refer to companies that provide corporate services to Latitude.

The company said it was continuing to respond to what it describes as a malicious and sophisticated cyberattack and has removed access to some customer-facing and internal systems.

Unusual activity was noticed on its network earlier last week, originating from a major vendor it uses.

Department store David Jones recently signed up Latitude for consumer finance services.Credit:Simon Schluter

“While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated,” it said at the time.

Latitude is working with the Australian Cyber Security Centre (ACSC) and said it had alerted relevant law enforcement agencies.

Latitude provides consumer finance services to Harvey Norman, JB Hi-Fi, The Good Guys, Apple and recently signed up David Jones.

Latitude was placed into a trading halt last Thursday and will remain suspended until Wednesday while further updates are made about the hack attack. The stock last traded at $1.20. Investors paid $2.60 for shares when it listed on the ASX less than two years ago.

The attack follows recent major cyberattacks at Optus and Medibank.

Optus was the victim of a major cyberbreach in September, with hackers obtaining the data of 10 million of its customers.

The Medibank attack in October was more serious with criminals accessing basic account details of 9.7 million current and former customers as well as health claims data for about 160,000 Medibank customers, 300,000 customers of its budget arm, ahm, and 20,000 international customers.

The hackers began leaking some stolen data onto the dark web. It still faces lawsuits and an investigation by the Office of the Australian Information Commissioner over its handling of the incident.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

From our partners

Source: Read Full Article