Save articles for later
Add articles to your saved list and come back to them any time.
The Australian and New Zealand privacy commissioners have announced a landmark joint investigation into the hack of Latitude Financial, which exposed personal details of most of its consumer finance customers sourced from retailers such as Harvey Norman, JB Hi-Fi, Coles and Apple.
The investigations could help class action lawyers win compensation for the 14 million customers who had their details stolen in March in what could be the biggest data breach ever reported in Australia.
The stolen information, which includes the driver’s licence numbers of 7.9 million Australian and New Zealand customers, covers the majority of current and former Latitude customers.
Harvey Norman customers who signed up for interest-free loans are among those impacted by the Latitude cyberattack.Credit: Scott Barbour
The Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) announced the joint privacy investigation on Tuesday, saying the collaboration would efficiently use both agencies’ resources and reduce the regulatory impact on Latitude.
“It does not preclude the OAIC and OPC reaching separate regulatory outcomes or making separate decisions regarding the most appropriate regulatory response to a breach,” the OAIC said.
The commissioners will investigate whether Latitude took reasonable steps to protect the personal information it held, and will also consider whether Latitude took reasonable steps to destroy or de-identify personal information that was no longer required.
In Australia, breaches of privacy law can be penalised with a fine of up to $50 million for each incident as well as compensation for victims to redress any loss or damage.
The federal government recently announced it would appoint a dedicated privacy commissioner for the first time since 2015 to respond to the wave of severe hacks that have led many Australians’ personal data to be exposed to criminals.
Law firms Gordon Legal and Hayden Stephens and Associates (HSA) have said they are investigating potential legal action against Latitude Financial over the cyber incident.
Meanwhile, ASX-listed enterprise software group TechnologyOne said it has also been hacked. The company said it found that an unauthorised third-party acted illegally to access its internal Microsoft 365 back-office system.
“TechnologyOne’s customer-facing SaaS platform is not connected to the Microsoft 365 system and therefore has not been impacted,” the company announced after putting its stock into a trading halt.
“Once the investigation is further progressed, we will be in a position to contact those who may be affected to work with them on the ongoing safety of their data.”
The Brisbane-based company’s customer base includes many local government and councils.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
Most Viewed in Business
From our partners
Source: Read Full Article