Latitude confirms it will pay for replacement passports, driver's licences after security breach

Kiwis affected by a huge cyber attack on a finance company are able to replace their stolen identification documents for free.

Last week, Latitude Financial revealed a hack on its databases had affected around 330,000 customers in New Zealand and Australia. The company operates finance companies Genoapay and Gem Visa among others.

Approximately 96 percent of personal information stolen was copies of driver's licences or driver licence numbers, less than four percent were copies of passports or passport numbers and less than one percent were Medicare numbers, Latitude said.

As Latitude continues its review, it said they are likely to uncover more stolen information affecting both current and past Latitude customers and applicants.

On Tuesday, the Department of Internal Affairs (DIA) said 1342 New Zealanders have had their passport details stolen.

DIA general manager of services and access Julia Wootton told Newshub it was not necessary to replace passports. 

"We have assessed the risk and determined that people do not need to apply for a new passport. Our Department has robust controls that protect passports from identity takeover, including sophisticated facial recognition technology," she said.

DIA deputy CEO Maria Robertson agreed it was not necessary to replace passports. However, she told AM if a customer is not comfortable with the details of a valid passport out there they can apply for a new one and should seek reimbursement from Latitude for the costs.

Latitude said in a statement they are working with agencies to replace identification documents at no cost to the consumer.

"Latitude will confirm to each impacted customer and applicant what personal information has been stolen, what we are doing to support them and what additional steps customers should consider taking to further protect their information," Latitude said.

"This includes Latitude working with relevant agencies to replace identification documents, where necessary, at no cost to our customers."

Customers who have been impacted will be contacted directly by Lattitude. They urge customers to remain vigilant, stating they will never contact customers requesting their passwords.

Latitude has also established dedicated contact centres for impacted customers in Australia and New Zealand to answer queries, as well as a dedicated help page on our website to keep customers and partners fully informed of developments. 

IDCARE has been engaged. IDCARE is a not-for profit organisation and Australia and New Zealand's national incident response service specialising in providing free, confidential cyber incident information and assistance 

Impacted customers and applicants will be able to contact IDCARE during business hours on 0800 121 068.

Latitude has insurance policies to cover risks, including cyber security risks, and we have notified their insurers in respect of the incident.

Once the cyber-attack is contained, Latitude will launch a review into the breach.