
Another day, another cyber-attack. When (or will) the end near?

Earlier this month, financial services provider Latitude released a public statement admitting they were the victim of a serious cybercriminal attack. 

What happened?

Latitude Financial is an Australian company that offers credit, insurance, and personal loans to customers through leading consumer retailers such as JB Hi-Fi and Harvey Norman. In early April, Latitude revealed that its confidential customer records were breached. Latitude’s customers were understandably distressed. One woman stated, “It’s gotten to the point where the only sensitive piece of information that hasn’t been leaked about me on the internet is my favourite colour”: an exaggeration, yes, but only a slight one at that. A total of fourteen million records were stolen after a Latitude employee’s login credentials were exploited in a bid for ransom. The stolen details included personal information such as customer names, addresses, phone numbers and dates of birth, as well as driver’s licence and passport numbers.

New Latitude CEO Bob Belan apologised to customers for the major cyber-attack.

The ramifications for Latitude, which has “apologised unreservedly” for the breach, are significant. The former chief executive Ahmed Fahour was forced to resign. Furthermore, the company is now facing the looming threat of a class action from law firms Gordon Legal, and Hayden Stephens and Associates.

The narrative of this data breach is starkly familiar for the reader. The attack at Latitude is yet another instance in a string of major data breaches at Australian companies. From Optus to Medibank, Woolworths subsidiaries, and more, it seems anyone is at risk. If your details have not already been compromised, there is a high chance they will be in the near future.

Why are these data breaches so common?

The rate at which data is being both consumed and produced has exponentially increased over the last generation. In the last eleven years, the volume of data generated, harvested, copied, and consumed worldwide grew by almost 5000%. And a lot of that data ends up in the hands of major corporations. Unfortunately, too many businesses underestimate the significance of these changes in the technology sector. They fail to dedicate organisational resources to the protection of their information assets, and as a result, the integrity of their business is compromised.

While some breaches are caused by human error and system faults, over 70% of attacks are executed by cyber criminals who find ways to take advantage of a business’s poor data governance. Some industries – such as the healthcare, finance, insurance, and professional services sectors – are particularly vulnerable to attacks because of the confidential personal information they hold. And there is no sign of these cyberattacks ceasing any time soon.

Why should I care?

Everyday citizens are often unaware of the power of the information they willingly hand over to corporations. Simple personal details like email addresses, full names and phone numbers are uploaded without a second thought. Many do not truly understand the risk of identity fraud. 

If a cybercriminal gains access to a user’s login for one platform, they can use this information to access other platforms the individual uses. This could include the person’s government accounts (Service NSW, Centrelink etc.), health records (Medicare, My Health Record etc.) and bank account details. These databases often contain unique identifiers such as passport and driver’s licence details. If these details are breached, the individual can face identity fraud, where an individual’s personal information is used without their consent, for someone else’s benefit. A criminal can open a bank account, withdraw money, obtain a credit card or loan, apply for a passport or identity document, or conduct illegal activity under the stolen identity. This can cause significant economic loss and emotional distress to the victim.

Latitude is not the first; other companies including Optus and Medibank have faced recent data breaches.

What should we do?

Yes, you can change your password from “Password123!”. But can we truly avoid sharing our confidential information with corporations? In a century defined by e-commerce, social media, remote employment, and digital paperwork, it is near impossible to avoid trusting digital technologies with our data. The responsibility for increased privacy predominantly lies with industry, not the consumer. The chair of Electronic Frontiers Australia states that people are at constant risk of identity fraud because “organisations collect too much information, keep it too long, and store it insecurely.” In short, businesses are lacking, and more effort is needed. Businesses need to delete unnecessary data and safeguard their essential data. They need to allocate time, personnel, and resources to make informed data decisions. Most importantly, they need to look beyond the bottom line to prioritise the safety of their customers. As current students and future employees of these businesses, we ought to enter industry with an appreciation of the importance of data governance.
