Latitude Financial vows not to pay ransom to hackers in wake of massive data breach

theguardian.com:

Consumer lender Latitude Financial has vowed not to pay a ransom to those behind a massive cyber-attack that resulted in the largest-known data breach of an Australian financial institution.

Latitude, which offers personal loans and credit to customers at stores including JB Hi-Fi, The Good Guys and Harvey Norman, said on Tuesday that its position was in line with Australian government policies.

“Latitude will not pay a ransom to criminals,” Latitude’s chief executive, Bob Belan, said in a statement.

“Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”

The lender said the stolen data the attackers detailed as part of a ransom was consistent with the updated number of affected customers disclosed by Latitude late last month.

Around 14m customer records, including driver’s licence numbers, passport numbers and financial statements, were stolen from its system in a cyber-attack that was far worse than the company initially reported.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

The stolen details include 7.9m Australian and New Zealand driver’s licence numbers and 53,000 passport numbers. A further 6.1m customer records were also stolen, of which 5.7m were provided before 2013.

Many of the documents are viewed by cybersecurity experts as particularly sensitive, because they contain unique identifiers that can be used in conjunction with general information readily available about a person to potentially steal an identity.

The Latitude breach also raises questions about how companies