Latitude rebuffs ransom demand from cyber criminals
The finance group says paying up would encourage further extortion attempts.
Latitude Financial has rebuffed a ransom demand from the cyber criminals who made off with the personal details of millions of present and former customers last month.
“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen.
“In line with advice from cyber crime experts, Latitude strongly believes that paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks.”
The financial group did not specify the amount being demanded but admitted last month that the theft involved more than 14 million personal customer details, including driver’s licences and passport numbers.
Some of the stolen information dated back to 2005 and took in names, addresses, dates of birth and phone numbers. The criminals also got away with 53,000 passport numbers and the monthly financial statements of around 100 customers.
The company said details of the threat appeared consistent with the number of affected customers and it was working with the AFP, Australian Cyber Security Centre and cyber security experts on its response.
Latitude Financial CEO Bob Belan said paying a ransom would only incentivise more hackers.
“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”
Latitude believed there had been no suspicious activity in its systems since Thursday 16 March and it was contacting all customers and applicants whose data had been compromised, outlining details of the information stolen and its plans for remediation.
“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process,” Mr Belan said.
“In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full capacity, enhancing security protections and returning to normal operations.
“I apologise personally and sincerely for the distress that this cyber attack has caused and I hope that in time we are able to earn back the confidence of our customers.”
Latitude has set up contact centres for affected customers and had engaged IDCARE, a not-for profit organisation that provided free, confidential cyber incident information and assistance.
About the author
