In The Event Of
L

Latitude Financial Data Breach 2023:
What You Need to Know

Approximately 14 million Latitude Financial customer records were exposed after attackers used stolen employee credentials from a third-party vendor to access Latitude's systems. Here is what happened, what data was leaked, and steps you can take to protect yourself.

Breach date:March 2023
Records affected:~14 million
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Latitude Financial Breach Unfolded

16 March 2023

Latitude Financial detected unusual activity on its systems, originating from credentials stolen from a third-party vendor. The company immediately engaged cybersecurity specialists and began isolating affected systems.

20 March 2023

Latitude publicly disclosed the breach, initially reporting that approximately 328,000 customer records had been affected, including 103,000 identity documents (primarily copies of driver licences).

27 March 2023

After further investigation, Latitude revised the affected count dramatically upward to approximately 14 million records spanning current and former customers, applicants, and some merchants across Australia and New Zealand.

April 2023

Latitude confirmed it would not pay any ransom demand and announced it would reimburse affected customers for the cost of replacing compromised identity documents (driver licences and passports).

Sources: ABC News (Mar 2023), OAIC Notifiable Data Breaches Report

What Was Exposed

Personal Data Leaked in the Breach

The scope of data exposed in this breach was extensive. Approximately 7.9 million driver licence numbers were stolen (of which 3.2 million were from the last decade), along with around 53,000 passport numbers, and a limited number of Medicare numbers and financial statements. The breach affected current and former customers, applicants, and some merchants across Australia and New Zealand.

Data TypeRisk LevelWho Was Affected
Full nameHighAll approximately 14 million affected customers
Home addressHighAll approximately 14 million affected customers
Phone numberHighSubset of affected customers
Date of birthHighSubset of affected customers
Email addressHighSubset of affected customers
Driver licence numberHighApproximately 7.9 million customers (3.2 million from the last decade)
Passport numberHighApproximately 53,000 customers
Medicare numberHighLimited subset of affected customers
Financial statementsHighApproximately 100 customers

Risk levels based on the Australian Government's PSPF and OAIC Australian Privacy Principles. Identity documents (driver licence, passport, Medicare) are rated higher due to their direct use in identity verification and fraud.

Confirmed NOT Exposed

Latitude confirmed that no credit card numbers, account passwords, or PINs were compromised. No ongoing access to customer accounts was possible through the breach.

Company Response

What Latitude Financial Did

“Latitude will not pay a ransom to criminals. Payment of a ransom will encourage further criminal attacks against Australian and New Zealand businesses.”
Ahmed Fahour, Latitude Financial CEO (Latitude ASX announcement, April 2023)

Actions Taken by Latitude Financial

  • Immediately isolated affected systems and engaged external cybersecurity experts
  • Notified the AFP, OAIC, and ACSC
  • Refused to pay the ransom demand
  • Committed to reimbursing customers for identity document replacement costs
  • Established a dedicated response page and customer support process
  • Engaged IDCARE to provide tailored case management for affected customers
OAIC Report

What Now?

Steps You Can Take After the Latitude Financial Breach

This breach exposed a significant volume of identity documents, including driver licence passport and Medicare numbers, alongside personal details like name address and date of birth. This combination creates a heightened risk of identity fraud. Here are general best-practice steps, organised by the types of accounts most commonly affected.

Latitude and Financial Accounts

Secure Latitude accounts and review other financial services that may share the same identity details.

Secure your Latitude Financial account

~5 min
It is generally considered best practice to update the password on any Latitude Financial account associated with exposed data. Enabling MFA where available adds a significant layer of protection. Consider reviewing recent account activity for any unauthorised transactions or profile changes.

Review other financial service accounts

Where the same email address, identity documents, or personal details have been used across multiple financial services, consider updating credentials and security settings on those accounts as well. It is worth checking whether other financial accounts share the same email or identity details that were exposed in this breach.

Email and Digital Identity

Strengthening email security is a sensible first step in protecting your broader digital identity.

Strengthen email security

~5 min
Updating the password and enabling MFA on email accounts associated with the breach is widely recommended. It is also worth checking email forwarding rules and connected app permissions, as these can be exploited to silently intercept communications.

Understand your full account exposure

Most people have dozens of online accounts linked to a single email address. When that email is exposed in a breach, understanding which services are connected is a critical first step in assessing personal risk. Tools that map your digital footprint can help identify accounts that may need attention.

Identity Document Protection

With 7.9 million driver licences and 53,000 passports exposed, replacing compromised identity documents is a priority.

Replace exposed identity documents

~30 min
For those whose driver licence or passport number was included in the exposed data, replacing these documents is strongly recommended. A new document number reduces the risk of the stolen number being used in fraudulent identity verification. Latitude offered to reimburse affected customers for replacement costs through its dedicated breach response channels.

Consider a credit ban (very important for this breach)

~20 min
With driver licence name address and date of birth all potentially exposed, fraudulent credit applications are a real concern. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification.
Equifax AUExperian AU (formerly Illion)

Set a SIM lock or port-out PIN

~10 min
Where phone number was part of the exposed data, contacting the relevant mobile carrier to set a port-out PIN is a practical safeguard. SIM-swap fraud can be used to intercept verification codes and bypass MFA on other accounts.
Telstra security

Monitoring and Reporting

Australian resources for breach response and identity protection.

Stay alert for targeted phishing

Exposed name email address and identity document details may be used to craft highly convincing phishing messages. Treat any unsolicited contact referencing Latitude Financial account details with caution, and verify directly through official Latitude channels.

Contact IDCARE or report to Scamwatch

IDCARE (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches. Latitude engaged IDCARE directly to support affected customers. Reporting to Scamwatch contributes to broader awareness and helps authorities track emerging threats.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The Latitude Financial breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the Latitude breach exposed names, addresses, dates of birth, and identity document numbers. But if your email also appeared in the Optus or Medibank breaches, the combined data set may include health records, Medicare details, and additional identity verification information. This kind of compound exposure significantly increases the risk of identity fraud.

  • Optus (2022)9.8M records - passport, licence, Medicare numbers
  • Medibank (2022)9.7M records - health claims, Medicare details
  • Latitude Financial (2023)14M records - driver's licence, passport numbers
  • Qantas (2025)5.7M records - name, date of birth, phone, email

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Latitude Financial Breach FAQ

Sources

  1. ABC News: "Latitude Financial hack: 14 million customer records stolen" (Mar 2023)
  2. OAIC: Notifiable Data Breaches Report
  3. Australian Government: Protective Security Policy Framework (PSPF)
  4. OAIC: Australian Privacy Principles

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Latitude Financial Services Limited. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.