Key Points
- Latitude Financial says hackers stole mostly drivers licences and customer records.
- The company offers loans, insurance and credit cards.
- Latitude has apologised and is contacting affected customers.
Almost 330,000 customer records and identification documents have been stolen from Latitude Financial.
The company says it appears to have been hit by a sophisticated and malicious cyber attack, originating from a major vendor.
It believes criminals accessed an employee's log-in credentials, then stole customer information from two service providers.
About 103,000 identification documents appear to have been stolen from one provider, believed to be mostly driver's licences.
A further 225,000 customer records were stolen from the second provider.
Hollywood star Alex Baldwin used to appear in advertisements for the company, which offers loans, insurance and credit cards.
It inked a 10-year deal to provide credit cards to David Jones customers in January, after the department store retailer's contract with American Express ended.
It also has agreements with JB Hi-Fi, The Good Guys and Harvey Norman.
Latitude has apologised and is contacting affected customers.
"Our priorities are to ensure the ongoing security of our customers, our employees and our partners while continuing to deliver services," the company's listed holding company told the Australian stock exchange on Thursday.
Some customer-facing and internal systems have been removed in an attempt to stop more data from being taken.
Latitude Group Holdings Ltd is in a trading halt until Monday.
Three weeks ago the company revealed it would end its buy-now-pay-later scheme in Australia and New Zealand, which has been used by about half a million customers.
Meanwhile, intellectual property services group IPH has also been impacted by a cyber security incident.
The listed company detected unauthorised access to "a portion of its IT environment" on March 13, it told the stock exchange on Thursday.
It's believed to have impacted the document management system used in its head office.
Two firms that it works with have also been caught up in the incident, potentially impacting client documents, information and other case details.
It comes after a series of high-profile cyber attacks in Australia over the past twelve months which targetted multiple companies, including Optus and Medibank.
