Latitude Finance (GEM Visa) - Data Breach (March 2023)

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Latitude Finance (GEM Visa) - Data Breach (March 2023)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

2780 posts

Uber Geek

#3058511 3-Apr-2023 15:18

I, surprisingly, haven't yet been notified of being affected, outside the initial general emails they sent out saying the breach had occurred. I have used at least 2 Latitude-based services within the past 5 years (GEM Visa & Genoapay - though not a current customer), so I'm pretty sure they have a ton of detail about me. I haven't managed to track down specific dates, I think it was shortly before I renewed my license (so version number etc would differ), but may have been just after. Maybe I should replace it anyway, sigh.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#3058547 3-Apr-2023 17:15

Amazon emailed again to update the payment method. Got thru to gem pretty quickly and they said that there is plenty on the card (I know, I can see that in the online) and that there is no problem and there was no attempt to charge it.

Will give it one more update before I just give up and put the order on my ASB visa and tell gem where they can take their faulty card and the yearly fee for it.

Richard rich.ms

DjShadow

4084 posts

Uber Geek

ID Verified

Trusted

#3063277 13-Apr-2023 16:11

https://www.stuff.co.nz/business/300851011/latitude-refuses-to-pay-hackers-ransom-demand

TL:DR, a Ransom demand has been made to Latitude which they are refusing to pay and 20% of New Zealanders caught up in this.

nic.wise

333 posts

Ultimate Geek

Trusted

#3063284 13-Apr-2023 17:01

Yup. I'd very much prefer they don't pay it. (and I'm a customer)

Nic Wise - fastchicken.co.nz

PolicyGuy

1726 posts

Uber Geek

ID Verified

Lifetime subscriber

#3063320 13-Apr-2023 19:34

One of my children is caught up in this.
They had a GE Money / GEM Visa card for less than six months* more than a decade ago.

This shows that Latitude was - probably still is - retaining Personally Identifying Information (PII) for far, far longer than is appropriate. I've suggested to the person that they see if they can get Latitude to pay for them to get a new Driver's License with a new number, not just a new suffix, and also complain to the Privacy Commissioner (here: https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-self-assessment/) about Latitude inappropriately retaining PII and then allowing it to be stolen.
😡😡😡

* Once I found out what the effective interest rate was, the debt was speedily replaced with a Bank Of Dad loan on much more favourable terms. 😀

mudguard

2113 posts

Uber Geek

#3063344 13-Apr-2023 20:42

PolicyGuy:

One of my children is caught up in this.
They had a GE Money / GEM Visa card for less than six months* more than a decade ago.

It is a little more difficult than it looks. Companies have to retain documentation for 5-7 years after the last interaction or something like that. I should know, I have to do AML stuff for the finance company I work for and suspect I'm about to fail miserably. But from memory the timeframe isn't necessarily when you signed up for something.

That said. I shut an unused GEM card down about four years ago, ahem, my employer provided it with no annual fee. So I've duly got the email saying my licence has been included a week ago or so. But as far as I can tell, because the photo hasn't been compromised, I don't need to change it.

Oblivian

7296 posts

Uber Geek

ID Verified

#3068488 27-Apr-2023 18:18

It's getting better..

Made the news tonight that loan application details, income and bank acct numbers were also revealed

https://www.9news.com.au/national/almost-300000-latitude-hack-victims-employment-income-expenses-assets-and-liabilities-exposed-and-stolen-exclusive/49e27316-f19a-4bc1-8eab-ff49e071de58

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

kiwiharry

1030 posts

Uber Geek

ID Verified

Subscriber

#3068489 27-Apr-2023 18:20

They've now reported that banking info has also been leaked.

Latitude hack: 90,000 Kiwis have bank details exposed

Approximately 90,000 customers in New Zealand have had their personal banking numbers as well as income and expense information used to assess loan applications exposed.

Edit: Snap

If you can't laugh at yourself then you probably shouldn't laugh at others.

wellygary

8312 posts

Uber Geek

#3068491 27-Apr-2023 18:33

kiwiharry: They've now reported that banking info has also been leaked.

Latitude hack: 90,000 Kiwis have bank details exposed

Approximately 90,000 customers in New Zealand have had their personal banking numbers as well as income and expense information used to assess loan applications exposed.

Edit: Snap

You've gotta love the serious spin doctoring from Latitude,

The event:

"their personal banking numbers as well as income and expense information used to assess loan applications exposed."

The response:

"A spokesperson for Latitude Financial said no passwords were stolen, and these new details are a “sub-set of the previous numbers we’ve disclosed.”

... Oh well thats OK then .........

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#3068612 28-Apr-2023 00:32

So the other week I got an email from Latitude to say I've been exposed to this breach. It is to my domain (which only I use) however came in under the name "Petra" and was sent to "petra@...." - I don't have anyone on my domain called Petra nor has that email ever been used.

I can only assume I've been pwned. Who is Petra? Not sure, but this is not adding any confidence they're keeping their customers safe by also potentially disclosing PII as part of the breach notification emails.

I encourage everyone to sign up to https://www.latitudedatabreach.com.au/ - because honestly, this whole thing is a total shambles and the breach keeps getting worse.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

MaxineN

Max
1772 posts

Uber Geek

ID Verified

Trusted

Subscriber

#3072341 4-May-2023 15:36

I have just gotten the email informing me that my details have been apart of the breach.

However it's all under a very old and dead name that I haven't used and all of my ID is up to date with my new name and has been for years.

I wonder how this actually affects me.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

DjShadow

4084 posts

Uber Geek

ID Verified

Trusted

#3072348 4-May-2023 16:22

I've just had the e-mail from Latitude to say my details have been leaked, guess I'm off to the AA on Saturday.

mudguard

2113 posts

Uber Geek

#3072350 4-May-2023 16:26

DjShadow:

I've just had the e-mail from Latitude to say my details have been leaked, guess I'm off to the AA on Saturday.

Was a photo of your licence leaked?

corksta

2397 posts

Uber Geek

Trusted

Subscriber

#3072357 4-May-2023 16:50

I got the email too. Basically everything about me has been taken except the photo of my licence. The email provided a link to have my licence replaced at their cost so I’ll go ahead with that.

Distorter

220 posts

Master Geek

#3072359 4-May-2023 16:59

Closed my account with them yesterday and they waved the annual fee that was on my account.

Thought it was the least they could do for exposing my info.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8