Latitude Financial facing potential legal action
Just a day after announcing the severity of its 16 March data breach, Latitude Financial is already staring down the barrel of a potential class action.
Editor’s note: This article originally appeared on Lawyers Weekly’s sister brand, Cyber Security Connect.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Gordon Legal and Hayden Stephens and Associates said today (28 March) they are looking into the potential for legal action against the company.
The two firms will be looking into how the hack occurred and whether or not Latitude had taken proper steps to secure its data.
“We are deeply concerned about the impact of this data breach on Latitude customers,” said James Naughton, partner at Gordon Legal.
“We are investigating how a breach of this size could occur. Latitude customers deserve to understand their legal rights and the steps that have been taken to protect their personal data.”
The two firms have extensive experience litigating class actions.
Latitude first announced that it had suffered a data breach on 16 March, but at that point in time, the financial services company believed only 250,000 customers had been affected. But on 27 March, Latitude Financial announced that the hack affected over 14 million customer records, making it the largest data breach yet for an Australian company.
The exposed data included details of both past and present Latitude companies. Approximately 7.9 million driver’s licence numbers were exposed, alongside 53,000 passport numbers. The names, addresses, phone numbers, and dates of birth of roughly 6.1 million customers were also breached, while less than 100 customers had their monthly financial statements compromised.
Meanwhile, the Australian Federal Police (AFP) has announced it is expanding Operation Guardian to protect customers affected by the breach. The operation was set up by the AFP-led Joint Policing Cybercrime Coordination Centre in September 2022 in the wake of the Optus data breach and also worked on Medibank’s breach. At this time, the AFP has found no evidence that the Latitude data has been leaked.
Rik Ferguson, vice-president of security intelligence at Forescout, believes this attack is a perfect example of the changing tactics of ransomware threat actors.
“There is now a definite move away from data encryption for cyber criminals,” Mr Ferguson told Cyber Security Connect via email. “Improved cyber security practises from organisations have presented a significant technical and organisational overhead to threat actors, and the benefits of using it are rapidly declining.”
“The end goal for many cyber criminals now is to steal data to sell on the black market.”