The fallout from a “sophisticated and malicious cyber-attack” on an Australian financial firm continues to spread, with Coles Financial Services confirming its data had been exposed.
Last month, Latitude Financial revealed in a ASX announcement that personal details of customers had been stolen by hackers who were able to gain access to its systems.
On Saturday, Coles Financial Services confirmed historic data of credit card holders had been affected by the cyber-attack.
“Latitude has not yet advised Coles of the number of impacted customers or specific details of the breach,” a spokeswoman said.
“We understand that this cyber incident is concerning … and apologise for the inconvenience and uncertainty created.”
Credit cards offered by Coles Financial Services, which is separate from the supermarket, after 2018 were not affected as the group moved its partnership to Citibank.
The records of roughly 14 million Latitude customers from Australia and New Zealand were taken in the Latitude breach, with the company still investigating.
The company said it believed there has been no suspicious activity inside its systems since the attack was identified on March 16.
Chief executive Bob Belan said Latitude had received a ransom demand but vowing not to pay.
“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future,” he said.
“Our priority remains on contacting every customer whose personal information was compromised and to support them through this process.”
Historic personal data of other partners, including retailers Myer, Harvey Norman, JB Hi-Fi and The Good Guys, were likely affected in the breach.
As of March 27, Latitude confirmed approximately 14 million records were stolen, including 7.9 million drivers licences, 53,000 passport numbers and records with personal information such as a customers’ names, addresses, telephone numbers and dates of birth.
Latitude Financial services predominantly operates to offer products including credit cards, personal loans, insurance and buy now, pay later schemes.
It came after Optus and Medibank had the details of millions of customers stolen in two separate sophisticated cyber attacks that included ransom demands which were not paid.