Latitude Data Breach - What should you do?
First Optus now Latitude!
GroupSupport are aware of and have been monitoring the details of and fallout from the Latitude Customer Data Hack that has recently been disclosed (March 2023).
The breach is reported by ABC Australia to have been confirmed to affect 7.9 million customers.
Similar to the Optus Data Breach of 2022 the situation is still evolving and will have a huge impact on the Latitude Brand. As with the Optus breach it will continue to add to the growing pressures on organisations and the government to safeguard individuals identifying data. In the last few years the Australian Government has made significant changes to the privacy policy legislation, particularly around penalties for serious breaches. The continuing rise in serious breaches makes the next logical legislative steps to focus on compliance and enforcement.
We should continue to take the lesson from these high-profile breaches as an opportunity to review our own security measures from a business perspective right down to a personal perspective.
The arms race between the malicious groups wanting to illegally obtain and monetize our data, will continue against those building tools and creating legislation to protect us.
GroupSupport will continue to monitor the situation – and will issue updates and advice as relevant.
Over-riding principals
From the business point of view, GroupSupport urge clients to keep up to date with firewall and breach deflection technologies, practices and policies. The appetite / budget for such things is often inadequate, however the consequences of a breach are eye-watering. Clients and suppliers also need to ensure internal standards are high enough to naturally reduce system weaknesses.
It may be advisable to seek insurance for cyber threats, however GroupSupport advise clients to also seek good advice of an agent who knows where to get good / current / salient policies (unfortunately these gems are often hard to find). There are many policies on the market that have a lot of fine print and caution is urged – if in doubt, look around.
Education, including education of staff, is a major benefit in such situations – having multiple sets of trained eyes being aware often means less “threats” will get through.
On all the above GroupSupport have options and information: contact our team for relevant engagement points.
Standard recommended practices
GroupSupport remind clients of the following list of recommendations:
- Change your Passwords reasonably frequently – like a minimum every 60 days.
- Don’t use the same password for everything (try variants that have to do with the login)
- Ensure two-factor authentication (2FA or Multi-FA ) is switched on where possible.
- Try not to use the same combination of secret questions for each account
- Be cautious releasing personal information. Verify those who ring you first, if in doubt, ring back by looking on the web and finding the office number.
Taking action if you are part of the breach and what if you were already part of the Optus breach?
Based on the current information at the time of writing GroupSupport have compiled the following list of recommendations:
- If you are a latitude customer and have an account capable of login, immediately change your password as a precaution.
- Anywhere that you have utilised the same password as your breached Latitude Account needs to have its password changed
- Anywhere you have used the same secret questions needs to have the password changed
- If you have a latitude financial product tied to a credit card or similar, we recommend contacting latitude to issue a new card with a new card number and security number.
- If you are advised that your ID document numbers have been leaked your local Department of Transport needs to be contacted to issue a new license. NOTE if you were a part of the Optus Breach and you supplied your ID documents prior to obtaining a new ID document at the time of the Optus breach then you should not need to replace your drivers licence at this time. If in doubt seek clarification from your Local Department of Transport.
- The Passport Office have to our knowledge not yet made a statement relating to the potential replacement of any leaked identity documents. NOTE during the Optus hack the Passport Office stated that they have additional sophisticated security measures in place that would make a simple scan of a passport an ineffective tool for identification at their level.
- If you have non Latitude financial accounts linked to a Latitude financial product, we would advise vigilance surrounding any transactions made on the account. Should you have any concern immediately raise the matter with your relevant financial institution.
- Stay vigilant for phishing scams which may occur via phone, post or email. Latitude have advised that they will not be requesting passwords from users and NOT to supply them.
- Take extra caution when communicating with companies via phone, do not provide any details over a call that was not initiated by yourself and if in doubt call the company back yourself or attend a physical location.
GroupSupport will continue to monitor the situation and advise on further recommendations as they arise.
