Latitude Financial Refuses to Pay RansomOngoing Cyberattack Still Causing Service Disruptions
Australian non-bank lender Latitude Financial said it will not pay a ransom demand from extortionists behind the theft of 14 million customers' data.
The Australian extender of consumer credit said in a Tuesday update on its ongoing ransomware incident that paying hackers "would not result in the return or destruction of the information that has been stolen." The company continues to experience service disruptions "as we secure our IT platforms," it said.
Latitude Financial disclosed late last month that hackers said they stole approximately 7.9 million Australian and New Zealand driver's license numbers and an additional 6.1 million records -including names, addresses, phone numbers and birthdates - in a database containing information dating back to at least 2005 (see: Latitude Financial Admits 14M Customer Details Breached).
"Latitude will not pay a ransom to criminals," said CEO Bob Belan.
The company on March 16 told regulators about the hacking incident, which is under investigation by the Australian Federal Police.
Australian Minister of Home Affairs Clare O'Neil called Latitude's decision "consistent with Australian government advice."
"Cybercriminals cheat, lie and steal. Paying them only fuels the ransomware business model. They commit to undertaking actions in return for payment, but so often revictimize companies and individuals," she said.
O'Neil also announced the government will convene cyberattack gaming exercises with Australia's largest banks and financial services companies.
“How would government work with that company to get services back online? If one of our big four banks is down, who can assist in providing services to those customers? How can we make sure the country continues to function properly while we solve the problem?” she told newspaper The Age.
The company did not disclose details about the ransomware group or the ransom demand.
Latitude products include credit cards and installment payment plans in conjunction with retailers. A consortium of investors, including KKR and Deutsche Bank, acquired the business from GE in 2015. The company went in public in 2021.