Latitude reveals hack has exposed customers' passport information

  • 21/03/2023

Digital payments firm Latitude says it's taken its platforms offline as the cyberattack detected last week remains active and customers' passport details have been exposed.

Latitude, which provides consumer finance services to retailers like Harvey Norman and operates in New Zealand as Gem and Genoapay, said the attack appeared "well-organised" and it would resume services "gradually over the coming days".

Last week, the Australian firm said personal information, mostly drivers' licence copies or licence numbers, of about 330,000 customers and applicants was stolen.

But an email sent to a New Zealand Gem customer on Tuesday, seen by Newshub, revealed their passport information had been compromised.

"We are currently working with Government agencies on the process to replace your stolen identity document (where necessary) at no cost to you," the email said. "We are also working with [the] Government to determine which identity documents need to be replaced."

Latitude said the Australian Federal Police and the Australian Cyber Security Centre were looking into the attack.

Newshub has contacted Aotearoa's Cyber Security Centre and the New Zealand Police for comment.

Latitude reveals hack has exposed customers' passport information
Photo credit: Supplied

Providing the latest on the hack to the Australian Exchange on Monday, Latitude said it was "working around the clock to contain the attackers". 

"So far, Latitude can confirm that… Approximately 96 percent of the personal information stolen was copies of drivers' licences to driver's licence numbers," Latitude said. "Less than 4 percent were copies of passports or passport numbers.

"As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants. We will provide a further update when we have more information to share."

The company's shares have not traded since last Wednesday, the day before Latitude first disclosed the cyberattack.

Reuters / Newshub.