Latitude hack now over 14m customers
IT’S all eyes on Latitude as a number of Australian law firms have confirmed they’re circling the financial institution and weighing up the chances of a class-action lawsuit.
The magnitude of the cyber incident has also sparked a wave of fear among the use of third-party IT services, some experts say, with a number of companies scrutinising the security of their external providers.
The Office of the Australian Information Commission overnight confirmed it was in the preliminary stages of an investigation, gathering documents and evidence to consider whether it would pursue the company in the same respect it had Optus – which it warned in October could face penalties of “up to $2.2 million for each contravention”.
The Australian Federal Police, who opened an investigation into the Latitude breach on March 20, said it would expand Operation Guardian as part of its investigation.
Operation Guardian was established in September last year as the AFP opened an investigation in the Medibank breach which saw the personal details of 9.7 million people stolen.
News Corp can confirm that similar to Medibank, a number of victims of the Latitude breach had only inquired about its products.
Some caught up in the breach were old customers of the company known as GE before a transition in 2015.
Restructure firm McGrathNicol’s cyber expert Darren Hopkins said the Latitude breach among others had shown a spotlight on the security practices of third-party service providers.
“In the last six months there has been a big rise in the number of security breaches as a result of third party providers,” he said.
Mr Hopkins said most of the cyber hacking groups were from Russia and other parts of Eastern Europe including Belarus.