Latitude Financial, an Australian non-bank lender, revealed on Monday that the number of individuals impacted by a hacking incident in March was significantly greater than the company initially disclosed.
The lender now says that hackers stole about 7.9 million Australian and New Zealand driver’s license numbers, up from its previous estimate of 100,000 identification documents. The hackers also stole 53,000 passport numbers and the monthly financial statements of fewer than 100 customers.
Additionally, the breach exposed 6.1 million records containing names, addresses, phone numbers, and birthdates dating back to at least 2005.
The ongoing investigation into the breach has not detected any further suspicious activity since March 16, according to Latitude Financial.
However, the Australian Federal Police are investigating the matter. The Australian government has called the incident “deeply concerning,” and Clare O’Neil, minister for cybersecurity, has demanded that Latitude Financial cover the full cost of recovery for replacement identity documents. The company has said that it will reimburse customers who replace their stolen IDs.
Some Australians are frustrated by what they claim is a lack of communication from the company regarding the breach.
They also question why Latitude Financial was holding onto data that goes back so far. The incident has raised concerns about the cybersecurity of non-bank lenders and other financial institutions.
The Australian Parliament passed legislation in November increasing the maximum penalty for privacy breaches to AUD 50 million or 30% of adjusted revenue.
