"Latitude Financial Refuses to Pay Ransom"

A leading Australian lender has refused to pay online extorters demanding a ransom for the personal data they stole on an estimated 14 million customers.  Latitude Financial CEO, Bob Belan, stated that paying the threat actors would bring no guarantees that they would destroy the data as promised.  He noted that it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.  A recent study from Trend Micro found that firms like Latitude Financial are now in the majority.  Only an estimated 10% of victim organizations actually pay their extorters today, and because of the relatively small share, they’re usually forced to pay more per compromise than in years past.  Trend Micro calculated using AI tools that those companies who pay are effectively subsidizing between six and 10 new cyberattacks.  Latitude Financial initially claimed that a March breach had only resulted in the loss of around 100,000 identification documents and 225,000 customer records.  However, it was soon forced to recalculate these figures, admitting that the hackers had taken 7.9 million Australian and New Zealand driver’s license numbers, plus 6.1 million records dating back to 2005, including names, addresses, telephone numbers, and dates of birth.  It is still unclear which ransomware group was behind the attack, although a compromised employee credential is thought to have provided initial access to the network.  Latitude Financial is Australia’s largest non-bank lender, providing buy now, pay later (BNPL) services to many domestic retailers.

Infosecurity reports: "Latitude Financial Refuses to Pay Ransom"