Law firm investigating class action against Latitude claims it knew of ‘real risk’ of security hack


The law firm investigating one of Australia’s biggest security breaches, which saw a whopping 14 million records stolen, has claimed Latitude had uncovered “real risks” to its security environment before the hack but failed to act.

Gordon Legal is currently investigating a class action against Latitude after the breach was revealed in March.

The non-bank lender said 7.9 million driver’s licences, 53,000 passport numbers and records with personal information such as customers’ names, addresses, telephone numbers and dates of birth were obtained by hackers.

Now the law firm has had 55,000 affected customers sign up to participate in a potential class action with many expressing “great concern” over their stolen data.

Gordon Legal said it had uncovered some disturbing information in relation to the security breach – with Latitude also receiving a ransom demand from hackers that it has refused to pay.

“We have uncovered some concerning evidence that Latitude may not have taken adequate steps to properly protect its customers’ personal information, that it was collecting information it should not have, that it did not adequately explain to consumers why it was collecting their information (and what if anything) it was going to be used for, and that it kept the information it collected for too long,” the law firm revealed in an email to impacted customers.

“The evidence has also identified that Latitude had uncovered ‘real’ risks to its security environment, before the data breach took place, but that it appears to not have adequately acted to protect its customers.”

Another disturbing aspect of the breach was the number of former customers who were affected, which included historic personal data from retailers that had teamed up with the lender.

Coles Financial Services has confirmed historic data of credit card holders had been affected by the cyber-attack, while retailers Myer, Harvey Norman, JB Hi-Fi and The Good Guys were also likely affected in the breach.

Gordon Legal said it was investigating why Latitude kept the personal and private information of some customers for many years – “exposing those older customer accounts to the data breach, years after those people stopped being customers of Latitude”.

Latitude revealed earlier this year 6.1 million records dating back to at least 2005 had been obtained by the hackers.

Of the 7.9 million driver’s licences exposed, approximately 3.2 million or 40 per cent were provided in the past 10 years.

The company revealed that the 6.1 million records stolen dated back to at least 2005, of which approximately 5.7 million or 94 per cent were provided before 2013.

Gordon Legal said it had filed a complaint with the Australian Privacy Ombudsman regarding the data breach and it was still accepting impacted customers to register for the class action.

Latitude previously said it would reimburse customers who choose to replace their stolen ID document and said it maintains insurance policies to cover risks, including cyber security incidents, and as a result it had informed its insurers.

A Latitude spokesman told news.com.au that these are unfounded assertions which the company categorically rejects.

“Latitude is delivering a free and comprehensive customer care program for affected individuals, including reimbursing the cost of replacement IDs, hardship assistance, mental health and wellbeing support, and specialist advice via not-for-profit IDCARE,” he said.

“We encourage all affected individuals to visit the cyber response page on the Latitude website for further information.”

The Latitude hack came after Optus and Medibank had the details of millions of customers stolen in two separate sophisticated cyber attacks that included ransom demands which were not paid.

The attack is now bigger than the one that impacted Optus, which saw 9.8 million customers’ data stolen from the telco.


