Angry customers have lashed out at Australian financial service provider Latitude after its systems were hacked – which has seen sensitive personal information obtained – as millions still remain in the dark on whether they have been impacted.
Chillingly, the company revealed on Friday that is was still trying to contain the attack.
Latitude, which offers credit cards, personal loans and other forms of finance including for customers of Harvey Norman, JB Hi-Fi, David Jones and The Good Guys, revealed on Thursday to the ASX that it had been targeted in a “sophisticated and malicious cyber attack”.
The details of a whopping 328,000 customers had been breached, with 100,000 of those expected to have had their drivers’ licence compromised, it said at the time.
Yet, desperate customers have been unable to find out any information with its call centres and some online services shut down at the time.
Many have been highly critical that news of the hacking was only revealed via media reports and that it has also taken two days for the company to communicate directly with customers after they finally received an email late on Friday.
However, they are still none the wiser as to whether their identity documents have been leaked.
Latitude’s chief operating officer Andrew Walduck said in the email that the company was working with the relevant authorities and have engaged cyber security specialists “as we continue to do everything in our power to contain the attack”.
“As of today, we understand that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licenses, were stolen from one service provider,” he said.
“Approximately 225,000 customer records were stolen from a second service provider. Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.”
But frustrated customers have hit out at Latitude’s handling of the hacking describing it as “pathetic” and “disgusting”.
“How long will it take to find out if I am affected? If my details have been stolen I’d like to know now. Identity theft and/or financial ruin due to your lack of security and saving items such as my drivers licence is not okay,” one woman wrote on social media.
“We need more information asap,” one woman pleaded. “Do we need to change our licences, change our bank accounts? As this has been happening lots what have you done with your cyber security? As a ex Security officer this is a major huge breach and should not happen. Someone dropped the ball big time.”
“So customers have potentially had their details stolen, nobody knows exactly which details, yet there’s no way for us to lock our cards/accounts, or change passwords, because you’ve shut down the Service Centre? Great move Latitude **slow clap**,” one man said.
Others were highly critical that Latitude had not contacted them directly to inform them of the breach and they had only discovered it via the media.
“It’s pathetic customers find out from the media about a data breach when it should’ve been yourselves notifying customers if they are impacted & how badly they’ve been impacted due to your negligence,” another added.
“This is really poor behaviour. Cutting off your service centres and giving people virtually no avenue to seek more information about what is going on. I had to find out from the media – no notice to all customers. This is absolutely disgraceful,” one man fumed.
Other Australians have revealed they cannot access their funds and are unable to get in touch with Latitude to help them.
However, Mr Walduck added in his email on Friday night that its “services remain available and you should have confidence in using them”.
“Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available,” he said.
Latitude has more than 2.7 million customers across Australia and New Zealand.
One customer told news.com.au he had made more than 150 calls to Latitude in 30 hours with no answer, after noticing a hacker had used his card, spending more than $1500.
Latitude said it had noticed “unusual activity” on its systems in the last couple of days.
When they realised it was a cyber security breach, the firm took “immediate action” to minimise the damage.
However, unfortunately, by then it was too late.
They were unable to isolate the incident as employee login credentials had already been stolen.
It comes just months after Optus and Medibank had the details of millions of customers stolen in two separate sophisticated cyber attacks that descended into ransom demands which were not paid.
For more latest Economy News Click Here