Latitude refuses to pay ransom demand after major hack exposes Kiwis' details


Australian financial services firm Latitude has received a ransom demand from cyber attackers who stole million of consumers' personal details on both sides of the Tasman - but said it will not pay.

Last month the company disclosed more than 14 million Australian and New Zealand drivers licenses, passports and other personal details had been stolen in a cyber attack.

In a statement to the Australian Stock Exchange, it said a ransom, which it did not detail, had been demanded from the attackers.

Chief executive Bob Belan said a payment was out of the question.

"Latitude will not pay a ransom to criminals. Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.

"Our priority remains on contacting every customer whose personal information was compromised and to support them through this process."

Belan said Latitude had been working on safely restoring its IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations.

"I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers."

More than a million New Zealand driver licence numbers, passport details, and other customer records including about 2000 with Kiwibank-branded personal loans, administered by Latitude, were stolen in the attack.

Latitude has operated in New Zealand with Genoapay and Gem Visa.

It said it has been contacting affected people, and set up help lines for customers.

Previously it has advised those affected to contact credit bureaux to put a flag on their records to stop attempts to misuse their details.