Coles disappointed over Latitude credit card breach

Latitude Financial Services has informed Coles Financial Services of the breach and is currently contacting affected customers.

"We are disappointed that this cyber incident has taken place and apologise for the inconvenience and uncertainty created," a Coles spokeswoman said in a statement.

"As a former service provider, Latitude Financial Services has informed Coles Financial Services that historical Coles credit card holder data has been affected by the recent cyber incident."

The hack, which was detected last month, included details for 7.9 million drivers licences and roughly 53,000 passport numbers among the 14 million stolen customer records.

Latitude had not yet advised Coles of the number of impacted customers or specific details of the breach, the spokeswoman said.

GE Money - which provided branded credit cards with Coles and Myer from 2005 to 2015 - became part of Latitude when it formed in 2015 from GE Australia and a number of financial businesses snapped-up by Varde Partners, KKR and Deutsche Bank.

"In March 2018, Coles Financial Services moved its Credit Cards to Citibank," the Coles spokeswoman said.

"In the event you have any questions about your current Coles Mastercard please visit our Coles Financial Services contact centre page.

On Tuesday, Latitude Financial refused to pay ransom to the cyber criminals for the stolen data, saying it could see no benefit to consumers in rewarding criminal behaviour.

"Latitude will not pay a ransom to criminals," chief executive Bob Belan said.

"Based on the evidence and advice, there is simply no guarantee that doing so would result in any customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses."