Latitude Financial - Data Breach

Update:

Latitude Financial confirms data hack is far worse than expected, with 7.9 million people's data stolen

https://www.abc.net.au/news/2023-03-27/latitude-far-worse-cy…

Another day, another data breach.

As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider.

Approximately 225,000 customer records were also stolen from the second service provider.

Latitude Cyber Incident Update


Comments

  • +5

    Love them casting shade on unnamed "service providers". That is a great way to describe AWS or Dropbox or whoever to make it sound like they also share some responsibility for the sloppy security.

    • +4

      It's most likely a third party / managed service provider, not a cloud hosting platform (AWS) or file storage system (Dropbox)

  • +5

    This makes me included in all major breaches. Optus, Telstra, Medibank and now this…

    • +19

      1 more and you get a free identity!

      • I need a dust filter for a Hoover Max extract pressure pro model 60. Can you help me with that?

        • Better call Paul!

    • Do you get personalized phone calls and spam now though?

      • Yes, but unfortunately Google message and spam protection blocks it for me

        • unfortunately Google message and spam protection blocks it for me

          Can’t you disable the filters/protection?

    • +2

      One more and you get a free twinsy that shares your name, date of birth and passport!

      If you had a COVID19 PCR, they might also now share your DNA ;)

  • One customer says he has made more than 150 calls to Latitude in the past 30 hours with no answer, after noticing a hacker had used his card, spending more than $1500.
    https://www.news.com.au/finance/business/other-industries/ma…

    how can you dial that fast…

    • Bot

    • +1

      It's not that many calls if you aren't being answered.

      • +2

        I guess they don't have

        'your call is important to us, please hold and someone who you won't understand won't give a shit sometime in the future'…

        or You have progressed in the queue - Your call is #10,024,035 in the queue

        or Your wait time is now 11,326 hours

    • +1

      I am actually impressed he counted his number of calls….

  • +3

    Latitude got too many platitudes not enough attitudes when it comes to data security.

  • I can’t log into my account. Says wrong password even after resetting password

    • Seems to be an error on their site

      “Please be aware we are currently experiencing a technical issue and some services may be unavailable”

      Noice!

    • +2

      Latitude has some extremely shonky password handling, it seems to initially accept passwords with certain special characters (it lets you change your password and says it's fine), but then when you try to log in with your new password it'll refuse to let you in.

      Your only option is to use the "Forgot your password?" option and regain access to your account that way, and try changing your password again. I still haven't figured out exactly which punctuation characters trigger this idiocy, but sadly this kind of bugginess is all too common nowadays with financial services providers.

    • I changed password 4-5 times. Password change is successful but can't log back in. Bloody idiots. I can't even identify which credit card I added.

  • +2

    I've made comments on threads like these before saying that your info is already out there or will eventually and huffing and puffing about it is pointless. Kept getting downvoted because people believe companies "should be responsible with their customers' data" bla bla.

    But breaches are going to happen and nothing is unhackable. The best thing we can all do is assume your info is out and identity theft imminent. Look out for new cards or bank accounts created under your name using services like credit savvy and use safe password tactics.

    • +1

      This. Presume all data is stolen and have mitigations in place. Watching your credit file is one of the best things you can do.

      Really the government should have better standards / tech that makes traditional ID redundant. Probably an unpopular opinion too.

      • +1

        Any suggestion on which service to use for watching?

        • Your bank app might provide a free credit score check and display past credit applications, eg. NetBank.

        • +1

          All three of them.

        • +2

          Yeah as others have said, see if your bank has it. I check manually on occasion for:
          - Credit scores (can help find unusual activity): https://wisr.com.au/credit-scores
          - Hacks: https://haveibeenpwned.com/

          There are paid services for constant monitoring… which I probably should do but don't.

      • +5

        The most infuriating thing is that someone can open credit in your name and the credit provider doesn't even have to tell you!
        There absolutely should be a requirement for a notice that new credit is active, and this notice needs to be sent to the address/phone/email that your credit record has attached.

        It would be much harder to use credit from someone else's identity, when that someone was notified before the account became live.

      • +1

        tech that makes traditional ID redundant. Probably an unpopular opinion too

        Damn straight, in light of the weakness of massive centralized tech, your solution is to legislate we can only use massive centralised tech, run by an organization that doesn't give a (profanity) about us and have historically been utterly useless.

    • +5

      I volunteered at a community centre for a while and they stored all their forms from children and adult members on an internet-facing web server, with the password equivalent of "cat123". The centre manager, chosen by and accountable to a board of elderly volunteers, wanted to cover up the mistake instead of fixing it or even changing the password. Was an eye-opening experience. One woman's ego is all that stands in the way between thousands of vulnerable people having their private data secure or not.

    • +2

      Thanks for the tip.

      Looked into creditsavvy and signed up to use savvyshield but wasn't sure if they just deal with their partner Experian or the other credit agencies too (Equifax/illion).

      Decided to just go direct to Equifax and request a credit report ban and they will share it with the others as well.

      Anyone else with Latitude and needs to do it can go here.

      https://www.equifax.com.au/personal/help-centre/credit-repor…

      • Thanks for the link — one problem is that the credit report ban only lasts 21 days, is it easy to extend it continuously?

        • +1

          Yes you can keep asking for extensions by filling in the same form

    • +4

      May I suggest hackers don't try and open an ANZ credit card in my name. Their ID checks were so cumbersome even I failed to pass. But they may have better luck and I wish them all the best.

    • +1

      "It's okay when people steal your identity and give it to criminals, because they probably already have it anyway. Don't be such a baby"
      -Herbse, 2023

  • I noticed Bundll isn't taking any new customers, were they affected by a breach or something?

  • +2

    "Latitude Financial has experienced a data theft as the result of what appears to be a sophisticated and malicious cyber-attack."

    Gerry Norman guessed the password.

    • +2

      FU GERRY

  • +7

    Why do these assholes have my details when I cancelled my account 2 years ago.

    • Cause that is what their terms and services read, did you not read them when signing?!?

      • +9

        (profanity) we need some anti-data-retention laws, that would somewhat mitigate the amount of leaked data. This is BS.

        • +1

          They collect and retain half of this due to retention laws, especially when some are vague.

  • +1

    At this rate, we all need to move interstate every few months to change driver license info.

    • +1

      I've had my license number since I was a teen, it's too late for me to memorise a new one.

      • +3

        Why do you need to memorise a license number?

        • +1

          Have you tried to memorise your Medicare number? Brutal

          • +1

            @OldBugger: Working at an insurance aggregator, I needed to memorise my Medicare number to keep filling out the forms while developing the health insurance comparison journey 😂

        • +2

          Cause he can.

          I can.

          I don't need to or want to but I do know what it is.

      • Honestly, it would be better if you changed it. If you have been part of any data breach then your info is out there, nothing you can do about it except changing it.

  • +4

    Back in the days when your data leaked and the company offered you a generous $5 coupon

    • OptusHome Days, were good…

  • Latitude has dropped the ball totally, customer service is very hard to find. I'm thinking they are the next to go under…

  • +4

    I love working in cyber security just because of the sheer incompetence displayed by massive companies like Optus and Latitude. Thanks guys!

  • +5

    Everyone should photoshop 20 copies of their id with different details and just upload that to the 'darkweb' already.

    • +1

      I like this, being proactive

  • +2

    Got this email. Have a GE card from 20 years ago. Dammit.

  • +1

    I have been absolutely reamed daily with scam calls. First Optus, then AHM and now Latitude, FFS.

  • +1

    How are you letting customers know?
    We are communicating with all our customers to let them know about what has happened.

    Has anyone actually received any communication from these guys yet?

    • Yes today.

    • +1

      Only just now actually

    • I still haven't received any emails from them regarding this as of 20/03. They send statements through promptly each month, but still nada about the breach, generic or targeted to say I'm affected.

  • +3

    https://latitudefs.zendesk.com wants to use your device's location

    ( ͡° ͜ʖ ͡°)

  • +2

    I wonder when SportsBet will let us predict the next company to get hacked…

    • I wanna know if they will let me bet on how many of their (profanity) annoying ads will be on per footy game, or per Tv show.

  • Get used to it… the more info "out there" the more enticing it is for hackers… most companies won't do shit until after it's too late.

    • Many companies are already sitting up and taking note. Security audits across industries are huge, and increasing. The problem is
      - there is a 30 year legacy of tech with poorer security that everything is built on to some extent
      - security is ultimately a war of attrition and can never be "won", and as we "increase security" we generally decrease usability and freedoms, so either way it sucks for end users.

  • If I’m affected then Optus already replaced my driver's licence and paid for the credit protection membership.

  • +4

    Some Latitude for leadership over this particular hack

    When Optus, then Medibank fell victim to cyber warfare last year, the companies’ respective chief executives, Kelly Bayer Rosmarin and David Koczkar, were highly visible in the disaster response efforts, both commenting in their outfits’ earliest communications to customers.

    So we were intrigued that when Latitude Financial became the latest to feel the wrath of hackers – some 328,000 customers’ data was revealed as stolen on Thursday – we heard not a public peep from chief executive Ahmed Fahour.

    • +3

      Ahmed Favour is too busy counting his king money

  • +3

    We can guess the government solution is a digital identity. We are so stupid.

  • They will most likely have been fined more for their recent SPAM act breach, than this customer breach :/

  • -8

    Blah blah blah
    Who gives a (profanity).

  • Waiting for it to be published in the dark web 😷

  • Yeah got the email today

  • +1

    Dear ozbargains,

    We’re writing to you directly to update you on a recent cyber-attack that Latitude Financial is actively responding to. Regrettably, the attack has resulted in the theft of some customer data.

    The attacker appears to have stolen personal information that was held by two Latitude service providers, impacting customers across both Australia and New Zealand.

    As of today, we understand that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from one service provider. Approximately 225,000 customer records were stolen from a second service provider.

    Latitude apologises to its customers, particularly those who were impacted. Please be assured we will contact you directly if your personal information has been disclosed.

    We are working with the relevant authorities and have engaged cyber security specialists as we continue to do everything in our power to contain the attack.

    As a valued Latitude customer, we thank you for your understanding and patience. Our services remain available and you should have confidence in using them.

    Please continue to monitor Latitude’s website where we will be publishing further information as it becomes available.

    Andrew Walduck
    Chief Operating Officer

    • Does this mean you have been impacted? I read it as they will contact you further if you have been impacted.

      • +2

        You can't trust who they contact as proof of who was impacted, especially if you were a customer but no more. Optus, for example, at least in the beginning, contacted only current customers, but previous customers who had cancelled prior (even years) had their data compromised.

        • Yea I would just assume everyone has been impacted and all data is out and to act accordingly. But it’s good to know for sure that you have been impacted and what data was accessed.

  • Just three weeks ago, when they emailed advising they were shutting down Latitude Pay, I replied:

    In light of recent security/privacy breaches; as part of closing my account down, could you please delete any information connected to me that is held on your systems?

    I received no response.

    • +4

      I think there is a government requirement that all providers must retain our data.

  • Sucks, there’s no point leaving them either because you just have to provide new docs to sign up elsewhere too.

  • They've only got my old driver's licence.

    • +6

      And your old date of birth?

    • +1

      Still the same licence number?

  • This is the final straw for me. Closed my 28 Degrees account today. First it was the ridiculous BPay fee. Second, they limited direct debit requests so that they can only clear finalised (but not pending) charges such that low credit limits are unworkable. This product used to be amazing.

    • But still good for overseas? As credit card with good rates

      • +1

        It wasn’t good for last overseas trip because of how long it took posted transactions to move from pending to final. Those pending transactions hit over $2,000 and I couldn’t pay the account using direct debit until they became final. Net result was that the account needed a higher credit limit than $2,000 - just for occasional overseas trips & despite me wanting to pay the card down each time. I ended up running half of my charges through an FX free debit card instead.

        • I see. I didn't notice the timing as I was just using it for hundreds of dollars only last month overseas

        • pending transactions hit over $2,000 and I couldn’t pay the account using direct debit until they became final. Net result was that the account needed a higher credit limit than $2,000

          This makes no sense - you realise you can just ask them to increase the credit limit?

          You have to set the limit at a high enough level for your use!

          • @Nom: And what he/she is saying is that because you can only pay off finalised transactions, and because transactions remained in a pending state for so long, the otherwise sufficient credit limit was rendered completely insufficient.

            It makes perfect sense. Why do you think it doesn’t?

            • +1

              @Morien: Because in this scenario you would just increase the credit limit 🤷🏼‍♂️
              Trying to use a card with the limit set too low is going to cause frustrations with any card…

              If the complaint is that they wouldn't give a higher limit, then absolutely go elsewhere. But I don't think that's the case here.

              • -2

                @Nom: It’s not correct to say that low limits cause frustrations with any card. All other cards readily allow payments in excess of current balance. 28 degrees won’t permit it, unless you cop a stupid bpay payment fee. Again, only 28 degrees does this.

                Sure, I could have called from overseas to increase my limit, but frankly I shouldn’t need to. I cannot see why I was not permitted to lodge a direct debit request to cover the pending transactions - they were pending for more than 3 days!

      • I find it unreliable these days:

        Since Latitude took over, I've had constant problems with online transactions failing, not receiving a SecureCode, being blocked, or simply failing for some unknown reason. I've called them multiple times, and they swear there's nothing wrong with the card.

        Tap and pay or direct use almost always works. I've used VPN/No VPN, multiple devices, multiple web browsers, etc etc. Booking a hotel via a website failed, but card worked in person at the hotel. Multiple airlines fail, random online merchants that have worked before fail. A Visa Debit card I have always works successfully for the same transactions over the same conditions.

        So yes, perhaps the halcyon days are over.

  • That’s why you buy a cheap identity and use it for these kinds of services. At this rate, we might just end up buying each other’s identity anyway. /s

    I’m getting close to doing it though, email, phone, fb and Google accounts all linked to a dummy.

    • PM me about your comment. I'm interested.

      • I don't deal stolen identities, that was a hilarious thought that my mind makes to make me laugh. You have to be there.

        I know there are ways to get identities for cheap in third world countries though. Plenty of people who have never travelled outside of their home town, would sell their IDs for peanuts.

        • +1

          Okay, well, soon enough I'll be ready to change my name each time a breach happens, because it seems to be something nobody is taking responsibility for.
