Latitude Financial has revealed a cyber attack and data breach that impacts approximately 225,000 customers, including unauthorised access to just shy of 100,000 copies of driver's licences.
The financial services company, which offers loans, insurance and digital payment products, entered a trading halt on the Australian Securities Exchange this morning.
The company said that "unusual activity" was detected on systems; it said the activity "is believed to have originated from a major vendor" it engages.
The attacker obtained Latitude employee login credentials before the incident was isolated, the company said [pdf], and that allowed them to “steal personal information that was held by two other service providers”.
Latitude did not identify those service providers.
“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 percent of which are copies of driver's licences, were stolen from the first service provider," it said.
“Approximately 225,000 customer records were also stolen from the second service provider”, it added, without detailing the extent of information those customer records held.
The company said it is “doing everything in its power to contain the incident and prevent the theft of further customer data”.
That includes taking down some customer-facing internal systems, Latitude said.
It is also working with the Australian Cyber Security Centre, has alerted “relevant” law enforcement agencies, and has engaged “several cyber security specialists”.