Published:
27 March 2023
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2023.0058.3
Latitude Financial Data Breach
27 March 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Latitude Cyber Incident
Resolution: Mitigation
Revision History: March 27 2023: Updated the advisory to include the most recent information released by Latitude Financial
March 21 2023: Updated the advisory to include most recent information released by Latitude Financial
March 17 2023: Initial Release
OVERVIEW
News has emerged that personal data of customers across both Australia
and New Zealand may have been compromised due to a cyber attack targeting
Latitude Financial [1].
The personal data includes copies of drivers' licences or licence numbers,
passports or passport numbers and Medicare numbers [2].
Latitude has issued an update to the list of personally identifiable information (PII)
that has been affected in the current incident. It should be noted that
the stolen customer records pertains to data as far back as 2005.[3]
IMPACT
Latitude Financial reports that they have taken their platforms offline
and are unable to service their customers and merchant partners [2].
Latitude Financial also reports that they have established dedicated contact centres
for impacted customers in Australia and New Zealand and a help page to keep
their customers and partners updated of on the developments [2].
MITIGATION
Latitude Financial advises its customers to:
1.Contact IDCARE if impacted [2]
2.Contact dedicated contact centres [2]
AusCERT is aware of the situation and will monitor the situation should
any actionable indicators of compromise be released.
REFERENCES
[1] Latitude Cyber Incident Update
https://latitudefs.zendesk.com/hc/en-au/articles/13777669694225-Latitude-Cyber-Incident-Update
[2] Cybercrime update
https://www.latitudefinancial.com.au/about-us/media-releases/cybercrime-update.html
[3] Cybercrime update
https://investors.latitudefinancial.com.au/DownloadFile.axd?file=/Report/ComNews/20230327/02647908.pdf
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZCEcLMkNZI30y1K9AQiSQhAAm/rbyPXujqvWa+DODBRnv/jbwqGap2F9
VhQf0SW8BkPM6m7I7+zPCqnnwQoqyf8GER7JaqpT7Y2j599s+U0cLyxiOJOdI88i
UVYQbkrVF6E1l3rzLoGcAP0CXmGB14qnRurZbarOntovCZ4TjNWEnk4awTZPYFtg
D0rd0UU8U0zsd7C6dqcitIVHx5yv+uy0kfhLd0QUyhF/dLtNbltssDMTtM/5fp/k
I4WMckkir0xcCqpkX17M0La/0kVCdkzWFLkeGATEw+3tyuNXDAC2srnPufV3Qfz+
WfHvVdtTkwRAl1TMxkje9166HE5OcJhLz3y3ZLO2JJQvvuBXHPRH3yXdLDe663Ki
Bfu8QVmRMYpZHgbDU9id9Nr80AvQj+iWC++lyQ/EeRVP1SWSFm+XTh5fSX4wg095
CN9NxMSEEuZoha2bRYZaTY5QzJXxh+2FCMWbD5GV5VZZUjziDqFs/sLKPQcyiRSm
El4flf9m26k5+o5iJvS0YcDBrbobWctuu3S1PcSgjY+FfWCBVg7o8LtJh5wB7P16
D0dWKZpcwF+zlzushj0qYixFTY4rw3sePSc8t3otOnXfSlUPBSEMD4y9iYdEPzE+
U4TlCsvgmw7e830D5OsnzHptEf/vUvuxrzJcqgjettA53ZUChq7HLNkt6AOM7xBT
/7tRJ2nRPNs=
=Y619
-----END PGP SIGNATURE-----