Latitude Group in Australia reports data breach resulting in 7.9 million driver license numbers being stolen

Digital payments and lending firm Latitude Holdings (LFS.AX) has revealed that a large-scale information theft on March 16 resulted in the theft of 7.9 million Australian and New Zealand driver’s licence numbers. Additionally, about 53,000 passport numbers and less than 100 customers’ monthly financial statements were also stolen. Latitude confirmed that a further 6.1 million records dating back to at least 2005 were also stolen, and customers who opt to replace their stolen ID document will be reimbursed.
Chief Executive Officer Ahmed Fahour stated that the firm is rectifying platforms impacted by the attack and has implemented additional security monitoring as it prepares to return to operations in the coming days. However, the incident has impacted Latitude’s stock, which fell 2.5% to A$1.18, and has lost about 2.1% since the company first reported the incident on March 16.
According to senior market analyst Matt Simpson at City Index, investors tend to assume the worst when they hear of a data breach. However, he believes that much of the doom and gloom was priced in two weeks ago when news of the cyber attack first broke. The current level does not make it a strong “buy,” but “investors clearly saw A$1 as a decent level for a punt,” he added.
Latitude provides consumer finance services to major Australian retailers Harvey Norman (HVN.AX) and JB Hi-Fi (JBH.AX) and had alerted last week that it had discovered further evidence of information theft. The Australian cybersecurity industry is understaffed, and several Australian firms have reported cyberattacks over the past few months. Last year, some of Australia’s largest companies reported data breaches, prompting authorities to step up efforts to bolster cybersecurity and implement stricter data-sharing rules to prevent breaches in the future. Latitude took its platform offline earlier this month and reported that the Australian Federal Police and the Australian Cyber Security Centre were investigating the attack.