You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
accountants daily logo

Latitude rebuffs ransom demand from cyber criminals

Technology

The finance group says paying up would encourage further extortion attempts. 

By Philip King 12 minute read

Latitude Financial has rebuffed a ransom demand from the cyber criminals who made off with the personal details of millions of present and former customers last month.

“Latitude will not pay a ransom,” the company said in an update to the ASX. “This decision is consistent with the position of the Australian government.

“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen.

“In line with advice from cyber crime experts, Latitude strongly believes that paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks.”

The financial group did not specify the amount being demanded but admitted last month that the theft involved more than 14 million personal customer details, including driver’s licences and passport numbers.

Some of the stolen information dated back to 2005 and took in names, addresses, dates of birth and phone numbers. The criminals also got away with 53,000 passport numbers and the monthly financial statements of around 100 customers.

==
==

The company said details of the threat appeared consistent with the number of affected customers and it was working with the AFP, Australian Cyber Security Centre and cyber security experts on its response.

Latitude Financial CEO Bob Belan said paying a ransom would only incentivise more hackers.

“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”

Latitude believed there had been no suspicious activity in its systems since Thursday 16 March and it was contacting all customers and applicants whose data had been compromised, outlining details of the information stolen and its plans for remediation.

“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process,” Mr Belan said.

“In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations.

“I apologise personally and sincerely for the distress that this cyber attack has caused and I hope that in time we are able to earn back the confidence of our customers.”

Latitude has set up contact centres for affected customers and had engaged IDCARE, a not-for profit organisation that provided free, confidential cyber incident information and assistance.

Philip King

Philip King

AUTHOR

Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.

SUBSCRIBE NOW