
‘Consumers are now sitting ducks’: Latitude rejects hackers’ payment demands

Latitude Financial will not pay a ransom to those behind the cyberattack, as details of 14 million customer records are at risk of exposure.

Latitude has informed the stock exchange that it has received a ransom demand but will not pay it, based on the advice of the federal government and cybercrime experts.

“Latitude does not pay ransoms to criminals,” said Bob Belan, CEO of Latitude.

“Based on evidence and advice, there is no guarantee that customer data will be destroyed.

“(It) will only facilitate further extortion attempts against customers in Australia and New Zealand in the future.”

Latitude did not disclose how much money the hackers demanded.

Cybersecurity expert Ryan Ko supported Latitude’s decision not to pay.

Professor Ko, head of cyber at the University of Queensland, told ABC, “The advice not to pay is correct, because if you pay, there’s no guarantee they won’t do it to you again.”

As for what happens to the stolen data going forward, Professor Ko said it is out of Latitude’s control.

“Criminals are now assessing the risks of releasing data and how it motivates authorities and law enforcement to crack down on them.

“Now the ball is basically out of the court (in Latitude) and they can’t do much other than work with the authorities and unfortunately consumers are now sitting ducks. There is

Latitude said the issue is under investigation by the Australian Federal Police and that it is working with the Australian Cyber Security Centre and other experts on its response.

“Processing” tolerance for contacting affected customers

In mid-March, the nonbank lender initially revealed that more than 330,000 customer records were involved in the data breach, but that figure has since expanded to include millions of records.

In late March, 14 million records were confirmed compromised, including 7.9 million driver’s licenses.

Latitude said today that the stolen data detailed in the ransom demand matches the number of affected customers previously disclosed by the company.

“We have reached out to all customers whose information was compromised, past customers, and applicants to provide details of the stolen information, the support we provide, and outline our remediation plans,” the company said, adding that call center and customer service operations were now operating as normal.

However, some people reported being disconnected during long waits or on hold when trying to contact the company.

Latitude told ABC that it was experiencing a high volume of calls while its customer contact center was operating at full capacity, and advised customers to call a dedicated line at 1300 793 416 to inquire about the cyberattack.

Customers complained about Latitude’s lack of communication after the attack.

Paying ransom risks creating a ‘sucker list’

Apart from going against government advice, Professor Ko said Latitude itself would have been the target of further attacks if it had paid the ransom.

“Most of the companies that have paid ransoms internationally are on what criminals call the ‘sucker list,’” Prof Ko said.

“The list will be shared worldwide and these people will eventually get hit with more ransomware attacks, never ending.

“So the advice is not to pay the money and reduce the incentive for the gang to come back again.”

Latitude’s update comes as Federal Cyber Security Minister Clare O’Neil announced that banks and financial services firms will take part in a “war game” to prepare for future cyberattacks.

In last year’s high-profile Medibank cyberattack, hackers posted stolen customer information on the dark web after demanding a $15 million ransom from the health insurance company.

O’Neil said the government is considering reforms following the Medibank breach, including making it illegal for companies to pay ransoms to hackers.

“If this were done nationally, it would be a smart move to discourage ransomware gangs from targeting targets in Australia, because ransomware gangs have no way of making money and are ,” said Professor Ko.

“But the reality is that the IT services we use are not exclusive to Australia, so this is a gray area.”


Written by admin
