Update on 28 March, 2023: Since this article’s publication, Latitude Financial has continued to disclose impacts as their forensic investigations continue. At the time of this update, that includes an estimated 7.9 million Australian and New Zealand driver’s licence numbers – around 40% of which were provided to Latitude within the last 10 years – and 53,000 passport numbers stolen.
Around 6.1 million customer records were also accessed, “including some but not all of the following personal information: name, address, telephone, date of birth.”
Consumer financial services provider Latitude Financial is the latest major Australian company to reveal a cyber attack and customer data breach, with around 225,000 customers impacted and nearly 100,000 copies of driver’s licences exposed.
On 17 March, the company entered a trading halt on the Australian Securities Exchange, issuing a statement saying it had detected “unusual activity” on its systems and that it appeared to be a “sophisticated and malicious cyber attack.”
Latitude claims that it has traced the breach to one of its vendors, which – according to the ABC – may have been a back-end infrastructure provider. Through this vendor, the attacker allegedly accessed Latitude employee login credentials and was able to steal personal information held by other vendors.
The business says that it’s currently working with the Australian Cyber Security Centre (ACSC) and has notified law enforcement agencies.
Latitude Financial offers a variety of banking services including loans, insurance and credit cards, as well as consumer financial services for major retailers like JB Hi-Fi, Harvey Norman and Apple. It’s one of the first financial services providers in Australia to suffer a data breach of this scale – a notable development because of the significant amount of personal information required to access loans and other banking services.
When malicious actors access sensitive data, it’s not just the impacted customers who are at risk. Latitude’s claims also illustrate that your security is often only as strong as the security of your suppliers and partner organisations.
Accounts Payable (AP) and finance teams should be on high alert since ill-gotten personal information can give fraudsters better opportunities to impersonate trusted contacts and access additional systems and data. Teams are particularly vulnerable when handling supplier payments and acting on bank account change requests.
We saw similar risks with the Optus and Medibank breaches – as the number of major breaches grows, there’s an increasing likelihood that a cyber-criminal might leverage victims’ data for tactics like phishing messages or business email compromise (BEC) attacks.
You can’t control the security practices of suppliers or other external organisations. But you can protect your own organisation’s finances by shoring up internal controls and alerting staff to heightened risks.
Here are some of the steps that CFOs and other finance leaders can take.