Consumer finance firm Latitude Financial is refusing to pay a ransom to cyber criminals after tens of millions of consumers had their private information stolen.
Latitude Financial on Tuesday stated it will not reward felony behaviour, nor did it imagine coughing up ransom cash would see clients’ stolen data returned or destroyed.
“Latitude will not pay a ransom to criminals,” firm chief govt Bob Belan stated.
“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed, and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.
“Our precedence stays on contacting each buyer whose private data was compromised, and to assist them via this course of.”
About 7.9 million people had their driver’s licence details taken and about 53,000 passport numbers were stolen in the hack, which was detected last month.
Latitude also admitted an additional 6.1 million records dating back to at least 2005 were poached, including names, addresses, telephone numbers and dates of birth.
Fewer than 100 customers had a monthly financial statement stolen, the consumer finance company told the ASX in March.
The attackers laid out what data they stole as part of the ransom threat, and it was consistent with Latitude’s disclosure about how many customers were affected, the company said.
The Australian Federal Police is investigating the hack and Latitude is working with the Australian Cyber Security Centre and cyber security experts in its wake.
The company is in the process of contacting all customers whose information was compromised in the hack, outlining what was stolen and its plans for remediation.
Latitude has insurance policies to cover risks including cyber security risks and has notified insurers about the hack, the company said.
“Our groups have been targeted on safely restoring our IT programs, bringing staffing ranges again to full capability, enhancing safety protections and returning to regular operations,” Mr Belan stated.
“I apologise personally and sincerely for the misery that this cyber assault has triggered and I hope that in time we’re capable of earn again the boldness of our clients.”
The company has not detected suspicious activity in its systems since March 16.
Cyber Security Minister Clare O’Neil confirmed Latitude’s decision to reject the ransom demand was consistent with Australian government advice.
Cyber criminals cheated, lied and stole, and paying them only fuelled the ransomware business model, she said.
“They decide to enterprise actions in return for cost, however so usually re-victimise corporations and people,” Ms O’Neil stated on social media.
The minister needed Australia to be probably the most cyber-secure nation on the planet by 2030, and Australians needed to deny hackers any earnings from their crimes to be able to obtain that, she stated.
Source: www.perthnow.com.au
