Latitude Financial has received - and refused - a ransom demand following a cyber attack in mid-March.
In an ASX announcement [pdf], the company said it "will not pay a ransom", adding its decision "is consistent with the position of the Australian government."
The company did not disclose the size of the ransom demand.
“We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction of the information that was stolen,” the company said.
Its advice from cybercrime experts is that paying a ransom will harm its own customers, and will encourage further attacks.
“The stolen data the attackers have detailed as part of their ransom threat is consistent with the number of affected customers disclosed by Latitude in our announcement dated March 27 2023,” the company added.
Its March 27 announcement lifted the number of affected individuals to 14 million, with 7.9 million driver's licences from Australia and New Zealand breached.
The breach also included more than 6 million records collected after 2005, with names, addresses, telephone numbers and birth dates affected.
Latitude said it is still in the process of contacting affected customers, and said it will “complete this process as quickly as we can.”
The company said it has restored regular business operations through its primary customer contact centre, website and mobile app; and new customer originations have also recommenced.