Latitude cyber-attack: Cybercriminals demand ransom

Company says to give in to the criminals would put other businesses at risk. Photo / 123RF

Financial services firm Latitude has received a ransom demand from the alleged criminals behind last month’s cyber-attack that exposed more than a million Kiwis’ drivers licences, it said today.

The Australian-based company said it would not pay the ransom, which was in line with the position of the Australian Government.

“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future,” Latitude financial CEO Bob Belan said.

“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process.”

Belan said its teams have been focused on safely restoring its IT systems and bringing staffing levels back to full capacity to enhance security protections and return to normal operations.

“I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are able to earn back the confidence of our customers.”

Latitude operates in New Zealand with its buy-now-pay-later service Genoapay and Gem Visa.

Latitude said to its knowledge there has been no suspicious activity inside its systems since March 16.

The cyber-attack is under investigation by the Australian Federal Police.

The data of 7.9 million New Zealand and Australian drivers licences was stolen in the hack.

In addition, approximately 53,000 passport numbers were stolen.

Last month Latitude confirmed just over 2000 Kiwibank customers’ data had been stolen.

“These records include some but not all of the following personal information: name, address, telephone, date of birth,” Latitude previously said.