You may have heard of the most recent data breach at Latitude Financial Services, in which the personal identification information of approximately 300,000 customers was stolen. We are not affiliated with Latitude Financial Services, but we wanted to make you aware of this incident as it may impact you if you are a Latitude Financial Services customer.

Latitude Financial provide financial services such as home and personal loans as well as credit card services for retailers such as Harvey Norman, JB Hifi, Good Guys etc. that offer interest free terms. 

According to reports, an unauthorised third party gained access to a portion of Latitude Financial Services' customer database on March 10, 2023. The stolen information may include your name, address, date of birth, contact information, and possibly other personal data.

We strongly advise that you take immediate steps to protect your personal information if you are or have been a Latitude Financial Services customer. 

This may include monitoring your financial statements and credit reports for any unauthorised activity, changing your password and enabling two-factor authentication for any accounts that use the same or similar passwords, and being cautious of any suspicious or unexpected communications or requests for personal information.

We encourage you to contact Latitude Financial Services directly for additional information and guidance on how to protect your personal information. We also recommend that you consider placing a fraud alert or security freeze on your credit report with the major credit bureaus.

We understand the importance of safeguarding personal information and we take data breaches seriously as we have seen the impact it has had on individuals and businesses over the years.

We are committed to supporting our customers that may have been impacted by this data breach during this difficult time and will continue to monitor the situation closely.

This is a great opportunity for you to do some “spring cleaning” and improve your password and Cybersecurity hygiene.

Firstly, get yourself a password manager, such as LastPass, so you can not only store all your passwords securely, you can use the manager to:

• Check how secure your passwords are

• Ensure you’re using unique passwords for every site or service you’re subscribed to

• Check to see if your email address(es) or commonly used passwords have ever been involved in a known breach. You can also check this at Have I Been Pwned.

DON’T make up your own passwords.

Password managers create random, unique passwords, and let you set the complexity and length.

We recommend:

• Upper and lowercase characters

• Numbers

• Symbols (not all sites allow this)

• 20 characters (not all sites allow passwords this long)

• Set a complex and easy to remember master password for your password manager.

• We recommend a sentence with upper and lowercase, numbers and a symbol. E.g. ILoveParisInSpring2022! is a strong password.

For any sites or services, you’ve subscribed to that offer multifactor authentication for your online accounts, turning this on is a must. Only certain sites force multifactor authentication on you, such as financial accounting packages such as Xero and MYOB.

For any others, the best thing to do is to Google “How to turn on multifactor for %INSERT SERVICE HERE%” and you should be able to find an FAQ page for that service explaining how to enable it.

This is your first line of defence!

Now, not all multifactor authentication is created equal. Some are more secure than others. e.g. getting a code sent to your email or sending an SMS to your mobile is not recommended. This is worth a separate post. Watch this space!

However, some sort of MFA is better than nothing.

What Else Could You Do?

Credit Reporting

Put a temporary ban on your credit reporting - this will block anyone from applying for credit in your name. Extensions to the ban are possible under certain circumstances, especially if you suspect you’ve been the target of identity theft or Cybercrime. https://www.equifax.com.au/eform/submit/credit-ban

Banking

Make sure all your financial systems have multi-factor authentication. Surprisingly, and perhaps even shockingly, some banks and financial institutions don't force MFA on you, and some don't even offer it.

Contact your bank and notify them your data has been breached in the Optus breach and ask them to put a note on your file.

Further Information

Please visit cyber.gov.au or call them on 1300 CYBER1 hotline

Be alert for scams referencing the Latitude Financial Services data breach. Learn how to protect yourself from scams by visiting www.scamwatch.gov.au.

If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.

If your identity has been stolen, you can apply for a Commonwealth Victims' Certificate

The following websites can help you protect yourself and stay informed:

• Identity theft | Moneysmart

• Identity fraud | OAIC

• Report cybercrime | https://www.cyber.gov.au/acsc/report

• Australian Cyber Security Centre Homepage | ACSC

• Office of the Australian Information Commissioner