Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
Business
business reporter Kate Ainsworth

Coles confirms its customers impacted by Latitude Financial data breach

Coles has confirmed that card holders have been affected by the Latitude data breach. (Supplied: Pxhere)

Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying personal information used to issue historical Coles-branded credit cards has been stolen by a cyber criminal group.

Last month, Latitude told the ASX it had been affected by a cyber attack that had affected 330,000 customer records.

On March 27, the company confirmed that criminals had stolen 14 million customer records, with a large portion dating back to 2005.

Personal information included drivers' licence numbers, names, addresses and dates of birth that were compromised in the breach, along with thousands of passport numbers.

Latitude was previously owned by GE Money, which was responsible for issuing Coles- and Myer-branded credit cards, until GE Money sold its financial business in Australia to a consortium who then created Latitude Financial.

In a statement on Saturday afternoon, Coles confirmed it has been informed by Latitude that its credit card offering had been impacted by the breach, but has not said how many customers have been impacted.

A spokesperson for Latitude Financial has confirmed that historical Coles credit card owners have been impacted by the data breach, and is in the process of contacting affected customers.

“We are disappointed that this cyber incident has taken place and apologise for the inconvenience and uncertainty created,” a Coles spokesperson said.

Coles moved its financial services to Citibank, which is owned by NAB, in 2018.

Ransom demanded

On Tuesday, Latitude confirmed it has been contacted by the group behind the hack demanding ransom but would not pay them.

Latitude has told the ASX that the cyber attack occurred after a third-party program was breached by the criminal group, which then used Latitude employee details to gain access to the data, but did not confirm how much money was demanded by the criminal group.

Since then, Latitude has not disclosed which third-party platform was involved in the breach, nor has it said which criminal group is behind the demands.

Myer — which also had a branded Visa credit card through GE Money — has been contacted for comment, as has Latitude Financial.

Latitude Financial — and, formerly GE Money — provided interest-free credit cards and personal loans for several major retailers, including Harvey Norman, The Good Guys, JB HI-Fi, Apple and Amart Furniture.

In the mid-2000s, Coles and Myer credit cards were one of the most popular credit cards in Australia. 

The Latitude Financial data breach is the largest-known data breach in Australia to date.

It follows past cyber breaches of Optus, Medibank, MyDeal and NGS Super.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.