Powered by MOMENTUM MEDIA
the adviser logo
Lender

Latitude cyber attack victim sues company for $1m

by Adrian Suljanovic11 minute read

One of the victims of the Latitude Financial cyber attack has filed a $1 million lawsuit against the organisation, saying the firm failed to meet a duty of care with his personal data.

Shahriar “Sean” Saffari, a former mayoral candidate in the Maitland 2021 election, was just one of the 7.9 million customers hit by the Latitude cyber attack that occurred in March, leading to customer data being posted on the dark web.

According to the case filed with the Federal Court at the beginning of the month, Saffari held a low-rate Latitude Mastercard credit card and is now claiming Latitude was negligent in protecting his personal information and failed to take reasonable steps to uphold its duty of care.

Saffari is now seeking a payment of $1 million in compensation for damages caused by the attack.

==
==

If successful, the lawsuit would add to the massive price tag it already accrued from the attack. The financial organisation said it had set aside $53 million after tax in the first half of 2023, made up of a $46 million provision and additional costs incurred.

In addition, in an ASX announcement last month, the company expected a potential loss as high as $105 million as a direct result of the cyber attack.

“As a consequence of the direct impacts of the cyber attack on operations, IFRS 9 credit provisions and the provision for costs and remediation, the 1H23 statutory loss after tax from continuing operations is forecast to be in the range of $95 million to $105 million, with the full-year statutory result also expected to be a loss,” it said.

On top of the expenses it already faces, Latitude could incur more penalties as a result of the hack, with the case currently under investigation by the Office of the Australian Information Commissioner (OAIC), as well as New Zealand’s Office of the Privacy Commissioner.

The OAIC is able to enforce fines of up to $50 million per issue found.

The Latitude Financial cyber attack occurred back in March, leading to the data of 7.9 million current and former customers being stolen.

The company was contacted by hackers claiming to be behind the attack, requesting Latitude pay a ransom for the release of the stolen data. Latitude, in line with government advice, refused to pay the ransom demands.

“Latitude Financial has received a ransom demand from the criminals behind the cyber attack on our company,” it said in April.

“Latitude will not pay a ransom. This decision is consistent with the position of the Australian government.

“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen.”

[RELATED: Cyber attack “materially worsened” non-bank lender’s bottom line]

latitude financial office csc df bto

Adrian Suljanovic

AUTHOR

Adrian Suljanovic is a journalist on Momentum Media's mortgages titles: The Adviser and Mortgage Business.

Adrian has written for a range of titles under the Momentum Media umbrella such as IFA, Investor Daily and Lawyer’s Weekly before joining the mortgages team in 2022.

He graduated from the University of Wollongong in 2021 gaining a Bachelor of Communication & Media with a major in Digital & Social Media.

E-mail Adrian at: [email protected]

JOIN THE DISCUSSION

You need to be a member to post comments. Become a member for free today!
magazine
Read the latest issue of The Adviser magazine!
The Adviser is the number one magazine for Australia's finance and mortgage brokers. The publications delivers news, analysis, business intelligence, sales and marketing strategies, research and key target reports to an audience of professional mortgage and finance brokers
Read more