Latitude Financial Estimates Breach Will Cost Them AU$105 Million
Australia’s Latitude Financial Services has disclosed that a data security incident earlier this year will likely cost the company AU$105 million (US$68.6 million). In March 2023, hackers stole data belonging to 14 million of the lending company’s customers; Latitude declined to pay a ransom demand. Latitude was able to process transactions during the incident, but the company’s ability to originate new accounts and manage collections were severely disrupted for several weeks.
This works out to about a cost of AU $7 per customer record exposed, on the low end – especially when weeks of business disruption happened. This figure is likely to be revised upward in the future. The telling quote from their presentation on what happened: “Threat actor obtained privileged credentials via a third-party vendor to access our systems.” Eliminating reusable passwords on privileged accounts is also critical to supply chain security.
The announcement from Latitude is a good example of complete transparency to include being very specific on details. The announcement not only states that they now have a clean bill of health; no malicious activity since March 16th, enumerates their resulting costs from the incident but also informs customers they are not expecting to pay dividends for six months ending June 30, 2023.
Read more in
Latitude Financial: ASX Announcement | Half and Full Year Guidance and Cyber Update (PDF)
Gov Infosecurity: Latitude Financial Attack Costs Company Up to AU$105 Million