(Reuters) — Australian consumer finance company Latitude Group Holdings Ltd. said hackers stole nearly 8 million driver’s license numbers from Australia and New Zealand in one of the country’s largest confirmed data breaches, leading to lower rates.
The provider of credit cards and personal loans to some of Australia’s biggest retailers added that the cyber intruder also took about 53,000 passport numbers and more than 6 million customer records, mostly from between 2005 and 2013, in what it called a “worrying development”.
The update showed that the attack that temporarily froze Latitude’s operations affected far more customers than the company first disclosed on March 16, when it said criminals took 103,000 licenses.
It now ranks among the country’s biggest data thefts, behind only Singapore Telecommunications Ltd.-owned No. 2 telco Optus and medical insurer Medibank Private Ltd., which each said details of about 10 million customer accounts were compromised in attacks late last year.
Since a wave of data breaches began with Optus, the Australian government has increased penalties for companies that fail to adequately protect customer data as part of a review of the national cyber security strategy that is still ongoing.
“Cyber attacks are a growing threat and will become a more routine part of our lives for many years to come, and this incident is yet another reminder of the importance of improving Australia’s cyber security and privacy settings,” Cyber Security Minister Clare O’Neil said.
“It remains our position that no customer should bear the cost of a data breach,” she added, noting that Latitude was working with authorities to deal with the fallout from the attack.
Shares in Latitude closed down 2.5% in a flat overall market, as investors worried that the company’s exposure may be worse than previously thought.
“When investors hear about a data breach, they tend to assume the worst,” said Matt Simpson, senior market analyst at City Index.
Latitude said in a statement that its insurance covered cyber security risks.
“We are patching platforms affected by the attack and have implemented additional security monitoring as we return to operations in the coming days,” CEO Ahmed Fahour said in the statement.