Coles Financial Services Confirms Historical Records Stolen in Latitude Financial Hack

The impact of a “sophisticated and malicious cyberattack” against an Australian financial firm continues to spread, and Coles Financial Services has confirmed that its data has been made public.

Last month, Latitude Financial revealed in an ASX announcement that a customer’s personal information had been stolen by hackers with access to the company’s systems.

Coles Financial Services confirmed on Saturday that the historical data of credit cardholders was affected by a cyberattack.

“Latitude has not yet notified Coles of the number of affected customers or specific details of the breach,” the spokesperson said.

“We understand the concern about this cyber incident and apologize for the inconvenience and inconvenience caused.”

Credit cards offered by Coles Financial Services, which is separate from supermarkets, were unaffected as the group moved its partnership to Citibank after 2018.

Records of approximately 14 million Latitude customers in Australia and New Zealand were obtained in the Latitude breach, which the company continues to investigate.

The company said it believes there has been no suspicious activity within its systems since the attack was identified on March 16.

CEO Bob Bellan said Latitude received a ransom demand but vowed not to pay it.

“Based on the evidence and advice, there is no guarantee that doing so will destroy customer data and will only fuel further extortion attempts against companies in Australia and New Zealand in the future,” he said.

“Our priority is to contact all customers whose personal information has been compromised and to support them through this process.”

Other partners’ historical personal data may have been affected in the breach, including retailers Myer, Harvey Norman, JB Hi-Fi, and The Good Guys.

As of March 27, Latitude has approximately 1,400 records, including 7.9 million driver’s licenses, 53,000 passport numbers and records containing personal information such as customer names, addresses, phone numbers and dates of birth. We have confirmed that 10,000 records have been stolen.

Latitude Financial Services operates primarily to offer products such as credit cards, personal loans, insurance, and buy now pay later schemes.

This came after Optus and Medibank stole the details of millions of customers in two separate and sophisticated cyberattacks and ransom demands were not paid.