Latest News: Plurilock CEO Ian L. Paterson on the Insurtech Leadership Podcast — November 16, 2023

Secure your small business:
Apps → Data →

Live Now:  
Cybersecurity Reference > incident

Latitude Financial Services Data Breach

March, 2023
Quick definition  ⓘ
Why it matters: The breach of Australian financial service provider Latitude, which resulted from credentials stolen in the breach of a vendor's systems, highlights the importance of cybersecurity supply chain risk management.
Statistic
14Million Records
Number of customer records ultimately affected by the Latitude Financial Services data breach.https://www.cpomagazine.com/cyber-security/data-breach-of-financial-service-provider-latitude-jumps-from-328000-to-14-million-records-stolen/

Key Points

  • In the direct sense, the breach resulted from the use of stolen employee credentials
  • The employee credentials were stolen via an attack on a vendor where these credentials were used
  • The credentials enabled the attacks to steal personal information from Latitude service providers
  • The breach highlights the importance of cybersecurity supply chain risk management (C-SCRM)
© Anyaberkut / Dreamstime

It's not enough today for businesses to secure their own systems, because every business relies on a network of vendors, service providers, and accounts. All must be secured.

Quick Read

In mid-March 2023, Australian financial service provider Latitude Financial Services revealed that a data breach had impacted over 300,000 customer data records.

The breach originated with an attack on a vendor, in which several employees' credentials were stolen. These credentials were then used to access several Latitude service providers where customer data was stored.

By late march, the company reveled that actually some 14 million customer data records had been affected, representing a breach of a significantly larger scale than had first been reported. Affected data includes driver's license numbers, passport numbers, and the personal information of loan applicants.

The fact that the breach didn't directly originate with Latitude, but rather occurred through attacks on vendors and service providers using stolen credentials, highlights both the importance of cybersecurity supply chain risk management (C-SCRM) and good account and password hygiene for employees.

Further Reading

CPO Magazine, March 31, 2023
—Aron Hsiao

Need Latitude Data Breach solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.

 

Thanks for reaching out! A Plurilock representative will contact you shortly.

More to Know

© Dragonimages / Dreamstime

Your Security Depends on Your Vendor and Service Provider Security

Understanding the security postures of vendors and service providers is every bit as important as securing your own business in today's world. Your security is only as good as theirs is.

© Designer491 / Dreamstime

Password Hygiene Matters

Though complete details haven't been released, it is troubling that the reuse of stolen credentials on other systems appears to be implicated in this attack. Good credential hygiene dictates the use of different usernames and passwords on different systems—precisely so that stolen credentials are less usable.

PLURILOCK FAMILY

Plurilock corporate logo

PLURILOCK AWARDs

Copyright © 2024 Plurilock Security Inc.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.