Latitude said it has been hit by a “sophisticated and malicious cyberattack” that has resulted in around 103,000 identification documents and 225,000 customer records being stolen by the attacker.
The personal lender said “unusual activity” had been detected on its systems in the last few days, and is “believed to have originated from a major vendor used by Latitude”.
It appears the attacker stole Latitude employee log-in credentials from one technology vendor and used them to log into two other service providers to steal customer files and ID documents.
Latitude shares entered a trading halt just before the incident was announced to the ASX before the market opened on Thursday.
It said it was continuing to respond to the attack and “doing everything in its power to contain the incident and prevent the theft of further customer data”.
The breach comes a month before chief executive Ahmed Fahour is due to leave the struggling lender and be replaced by the head of its money unit, Bob Belan.