Update:
Latitude Financial confirms data hack is far worse than expected, with 7.9 million people's data stolen
https://www.abc.net.au/news/2023-03-27/latitude-far-worse-cy…
Another day, another data breach.
As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider.
Approximately 225,000 customer records were also stolen from the second service provider.
Got the email.
I wonder how affected I am.
Had the 28 degrees card - applied about 15 years ago. Card expired about 2 years ago and I never activated the new one they sent me. I never fully closed my account though. Sigh….
I never fully closed my account though. Sigh….
If there's one thing we've learned is that these scumbags don't treat an account closure as anything. I had ported away from Optus years prior and was part of their leak. Not only that they reported my account as closed on my credit report a few months ago. I guess it's good they closed the zombie account but jesus.
Hmmmm… no email yet, but a flood of spam showing up lately.
I’m with you. Spam is relentless right now. Well over 120 messages/day.
YAY, 3 from 3. Ffs.
Hahaha you are not alone
How long before we see the accuracy of our data being debated between dark web and FAANG companies?
Lol, this isnt a bad talking point. I'd be interested to know.
I have nothing to do with Latitude other than inquiring into hire purchase about 4 years ago - I asked them to remove me from their database long ago…and guess what?
I'm done with these bullsh*t services that honestly just do what they want with our data…
I’m pretty upset about this and the response. Upset enough to close my account. Once I make the account inactive does anyone know how long do you have to finalise the outstanding balance?
If they have to keep your details on file for the sake of the government… why would closing the account make any difference?
to punish latitude, make them loosing all customers and go bust. thats what we all have to do with optus medibank etc when they got hacked.
as gov didnt do anything then we do something.
yes you may say no point as data already hacked, but other company will see oh moly customers are really king they can make a company as big as optus goes down , we need to respect their data. lets invest more we may have less profit this year but less is better than zero.
Fair point, but then you would lose access to a line of credit / cash advance etc
I got my line of credit with GE when i was 18. I've let the account lie dormant for almost 2 decades now. They keep sending out a new card every time the old one expires.
@Oofy Doofy: what do you mean… you can close latitude and open a/c with others… what we want is to tell others, we can punish a company who failed to protect our data…. not against the whole industry…
well, no credit is better. we should not get used with borrowing money in the first place anyway.
https://www.abc.net.au/news/2023-03-20/latitude-finance-upda…
The company said on Monday the scope of what was thought to have been stolen might grow as it continued to review "non-customer originating platforms and historical customer information".
Today, Latitude's chief executive Ahmed Fahour apologised to them.
hmm this guy again
https://www.heraldsun.com.au/news/australia-post-donates-bos…
Update:
Latitude Financial confirms data hack is far worse than expected, with 7.9 million people's data stolen
https://www.abc.net.au/news/2023-03-27/latitude-far-worse-cy…
In an announcement to the ASX, the firm said it had identified approximately 7.9 million Australian and New Zealand driver's licence numbers that have been stolen, while a further 6.1 million records dating back to at least 2005 have also been obtained by the hackers.
If you ever owned a Coles CC (at one point underwritten by Latitude I believe), would you be impacted by this hack? I am yet to receive any communication from anyone!
just assume the worst ie yes and you are will not in stress anymore
has any latitudePay only customers gotten an email ? should i get a new license now?
I’m trying to figure this out
So so so mad.
Applied for my card 12 or 13 years ago. Card expired and never activated the new one. But don’t think I ever formally closed the account. Not sure what data of mine was breached. I can’t even remember what identity docs I signed up with and they haven’t told us yet what specific documents for our individual accounts were actually leaked.
They seem to be doing ASX press releases (which they don't have much choice about) but not actually contacting the affected customers.
Perhaps some mass closing of accounts might be needed to get their attention ?
14 millions now… lol…
Are these mugs paying for id replacement? How do we even know what is compromised…
Assume the worst…
Sure but its a bit tricky when it was so long ago. I've no idea if they had my passport for example.
Well it looks like I originally signed up way back in 2011. Since then I've renewed my driver's licence, passport and moved addresses so hopefully any documents of mine that leaked are void.
News said data from as far as 2005
God bless all of us.
During your application for a 28 Degrees Platinum Mastercard (application number we attempted to verify your identity by providing your name, address and date of birth to the Veda credit bureau.
Veda has indicated that they were unable to verify all or part of this information against their records.
This did not impact or determine the final outcome of your application for a 28 Degrees Platinum Mastercard, however we wish to advise that you may want to consider contacting Veda at www.veda.com.au or call Veda Customer Service on 1300 921 621 to discuss the accuracy of the information contained in your credit file.
I can't remember what I used for ID if any back in 2017.
My passport is about to expire soon I'm thinking should I wait and see if Latitude will pay for it?
You wish. Just see thry will get no punishment from government, just like optus medibank etc
The Bold is what they sent me in 2017.
I'm hoping the will pay for new ID otherwise I have to pay $310 for a new passport that might be bad in 2 months time.
When you get a new passport you get a new passport number (unlike drivers license).
Your new passport won’t go bad until you use it for ID verification, and then the next data breach occurs.
@braddsey: It will go 1/2 bad meaning that you can still travel with it as bio metrics still work with boarder security. But can't be used as ID for a bank loan or you want to sign up for the Dole.
https://www.passports.gov.au/latitude-financial-services-bre…
I thought the government legislated for punishment after Medibank and Optus…
maybe but that could be for future instances not punishing medi and opt.
only us the customers who really can punish them, and warn the others to take this seriously. by ceasing becoming their member.
there are many alternatives (telco, health ins). even if we endup paying $30 more a year with others (doubt it, as medi and optus are expensive in the first place), thats small price to pay to bring those companies to bankrupt.
Something to be aware of if you have a Latitude 28 Degrees Mastercard: their website has stopped showing settled transactions which occurred since around 15 March. It seems that for more recent transactions all you have visibility on is the pending transactions and the overall account balance/available. I see this on my own account and it's also being reported by others in the Whirlpool thread.
Meanwhile Latitude is telling us in their most recent Cyber Incident Update:
If you believe there's fraudulent activity on your account, contact us immediately so we can make sure your account is secure. If you're concerned about a transaction or charge appearing on your account that may not be yours, you can raise a dispute and we will investigate it.
I came into this thread specifically looking for this. It's absolutely unacceptable that I can't accept my settled transactions for over 2 weeks now. I'll be leaving the shit hole of a company as soon as my home loan refinance goes through.
I am worried. anyone who got your driver licence and address details now can just nominate you for any traffic violations.
https://9now.nine.com.au/a-current-affair/melbourne-man-blam…
you wont need to pay if not guilty but:
"He now has to make a statutory declaration to begin the process of clearing his name."
extra work and headache for sure
I hope the driver gets the fine and looses his license as mentioned in the article.
This seems like the dumbest fraud ever - did the Audi owner think the random unknown guy was just going to pay his fines ?!?
The only place those fines were ever going to end up was right back at his door - probably accompanied by a criminal investigation 🤷🏼♂️
must be a young bogan.
new email:
Latitude recently experienced a significant and malicious cyber-attack which resulted in data being stolen from our systems. It is with deep regret that I am sharing with you that some of your personal information was compromised.
As Latitude’s incoming CEO, I want to apologise for the impact that this incident has had on you. Know that we are committed to helping you through this process and hope that, in time, we are able to win back your trust.
This email explains what happened, the support we are offering you and the precautions we recommend you take to lower the risk of your information being potentially misused. Be assured, if you choose to replace your licence, we will reimburse you.
We have so far identified that the attack resulted in the following kinds of your personal information being compromised. This information was collected from you at the time you applied for credit from Latitude or our predecessor companies.
Unless we have explicitly notified you, images of your identification document(s) have not been compromised.
The licence number on the driver licence you provided us as part of your application.
The personal information you provided us as part of your application which, where applicable, included your full name, address, date of birth and phone number.
I got same. At the bottom does that mean drivers license detail were taken? I'm confused.
this ? The licence number on the driver licence
yes the licence number but not card number. they are different
and full name, address, date of birth and phone number.
game over man…..
In vic that means all they'd have is the full name, address, date of birth. Are you sure it means they don't have the card number? There is only one number on Vic License
@Webbo: in NSW we have licence number, and card number.
no use used card number until recently (to verify you really have the card on your hand).
It's best to read the details on their website for more information. See here: https://www.latitudefinancial.com.au/latitude-id-information…
In NSW, for example, they state that you do not need to replace your drivers license if only your license number was compromised. This is because the card number and license number are both needed for verification via the Document Verification Service. Hope what they have written is correct.
There are still smaller telco’s and other businesses that don’t require both the drivers license number / card number to this day. Bit concerning this advice is being given…
@rzg: That's because the Card Number is a relatively new function - I forget the deadline but I think it's the end of this year that it becomes mandatory in every state.
@Nom: yes gov just start telling ppl to use it after medibank optus hack.
later when both numbers leak not sure maybe they will introduce 3rd number on the licence.. and so on
@McMaferMur: Next time there's a leak, they can just send you a new card with a new card number 👍 The card number exists so they can change it when they need to…I assume they will invalidate the old card number when they give you a new one.
If changing our driving licence do we need to notify all current companies that has our ID for example the other banks, credit card, etc?
What if they have their data breached after we tell them?
Don't see why you would - that would've been for an identity check at that specific point in time, so no need for them to check you again.
For the email that Latitude sends out notifying customers about the hack, does it go to latitudefinancial.com instead of latitudefinancial.com.au?
I'm helping a friend with this. He received an email which appears to be from latitudefinancial.com.au and has a link to "A letter". The link uses URL redirection (through a non-Latitude domain) which goes through to a latitudefinancial.com page instead of latitudefinancial.com.au.
From the Whois record it seems that the .com site is legitimately also owned by Latitude. But that page asks for his birth date before it will show the promised letter. In Latitude's advice page for the breach they say "In our communications we will never share links, ask for passwords or sensitive information, or demand money" (emphasis mine).
It looks dodgy as hell considering the hack. Anyone got suggestions or explanations?
Sometimes sensitive documents are password protected - eg. fi you've asked for a copy of a financial statement.
I haven't received an email like this - did they reach out to Latitude? I wouldn't open it though.
I have a 28 degrees card - email is from a .com.au email address but the 'no reply' address is @latitudefinancial.com
Thanks @blueyez
Latitude's is not taking any calls, not even on their 'Dedicated data breach number' - They just have a message saying to check their website 😕
Hey @Dacs what are you trying to do for your friend ?
The hack has already happened - there's nothing you or your friend need to "do" - just be vigilant now that the data is out there.
@McMaferMur: @Nom My friend wants to confirm if his data was included in the breach, and if so exactly what data.
He did manage to get through to Latitude today and they said the emails he received were a scam 🤷
@Dacs: Latitude are sending out emails that explain exactly what was taken for each individual - it's just there in plain text, there's no attachments or links. If your friend hasn't had that email yet, they just need to wait until they get it 👍
Just put a random date in. Same as with those emails asking you to log into your internet banking. If it accepts anything then it's a scam.
I got the email too. Would it have killed them to let me know how they even had my details to begin with? Apparently it was with a 28 degrees card which I haven't had since 2014.
I hope they face consequences for holding onto data they shouldn't have had since years ago.
Got the email as well today and I closed my 28 degrees card in 2015. Didn't think I'd be affected since it's been a while since I closed my account so I'm quite pissed. What are they doing keeping our data even though accounts were closed ages ago!
Its government regulation to keep. But bot sure how long.
They should be forced to pay compensation to every person who had their info stolen, it’s the only way companies will take seriously protecting personal information.
Ransom….
It's a bit of a weird request, because there's already millions of users who had this exact data leaked from Medibank - why would anyone think this batch has any value ? If you want a few million driving licence numbers etc then go to town on the Medibank files 🤷🏼♂️ This data doesn't add anything to the game…
well those medibank data (probably) has been sold to one party, there are thousands more parties willing to pay so i dont see why there is no demand for leaked data?
for us, instead of getting 1 spam we will get 2… then another hack.. get 3.. etc etc
how are we actually getting hacked..
spam phone calls? Always a few of those.. and whatsapp msges.
Just have to ignore, block and report, and not fall for clicking any links.
Just got email from Latitude today regarding the breach. But I don't recall ever signing up with Latitude. I checked this through ClearScore. Is it possible that some of the BNPL uses Latitude?
So has anyone applied for a new licence due to this latitude breach and gotten the cost 'reimbursed' as per their latest email? What's the process like as it's not exactly elaborated on in the email. Since at least in QLD they've stopped the free licence replacements offered with the previous Optus breach.
Already got breached 3 times, how easy to hack all these stupid Aussie companies
Same, already had Equifax and new licence thanks to Optus, so you should have all that already too lol
Has anyone signed up to ambulance chasers trying to do class action.. Something came up on my phones web browser the other day to add your name to their list, Can't remember and never heard of the lawyers name before.
I closed my latitude account late last year in response to the Harvey Norman Shenanigans.
Yet, a month later I get an email saying I haven’t used my account in awhile????!!!!
I doubt once joined you can ever leave.
I’m assuming my perhaps-closed account info has been breached.