Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying personal information used to issue historical Coles-branded credit cards has been stolen by a cyber criminal group.
Last month, Latitude told the ASX it had been affected by a cyber attack that had affected 330,000 customer records.
Personal information included drivers' licence numbers, names, addresses and dates of birth that were compromised in the breach, along with thousands of passport numbers.
In a statement on Saturday afternoon, Coles confirmed it has been informed by Latitude that its credit card offering had been impacted by the breach, but has not said how many customers have been impacted.
A spokesperson for Latitude Financial has confirmed that historical Coles credit card owners have been impacted by the data breach, and is in the process of contacting affected customers.
“We are disappointed that this cyber incident has taken place and apologise for the inconvenience and uncertainty created,” a Coles spokesperson said.
Coles moved its financial services to Citibank, which is owned by NAB, in 2018.
Ransom demanded
On Tuesday, Latitude confirmed it has been contacted by the group behind the hack demanding ransom but would not pay them.
Latitude has told the ASX that the cyber attack occurred after a third-party program was breached by the criminal group, which then used Latitude employee details to gain access to the data, but did not confirm how much money was demanded by the criminal group.
Since then, Latitude has not disclosed which third-party platform was involved in the breach, nor has it said which criminal group is behind the demands.
Myer — which also had a branded Visa credit card through GE Money — has been contacted for comment, as has Latitude Financial.
Latitude Financial — and, formerly GE Money — provided interest-free credit cards and personal loans for several major retailers, including Harvey Norman, The Good Guys, JB HI-Fi, Apple and Amart Furniture.
In the mid-2000s, Coles and Myer credit cards were one of the most popular credit cards in Australia.
The Latitude Financial data breach is the largest-known data breach in Australia to date.
It follows past cyber breaches of Optus, Medibank, MyDeal and NGS Super.