Latitude Financial Services Australia Holdings Pty Ltd (Latitude), the largest non-bank consumer finance company in Australia, has been hit with $1 million lawsuit brought by a former customer who claims the firm’s negligence resulted in his personal details being shared on the dark web.
The lawsuit comes after Latitude was hit by a cyber attack in March this year losing 14 million customer records including 7.9 million Australian and New Zealand driver’s licence numbers and 53,000 passport numbers.
An attack the inaugural National Cyber Security Coordinator, Air Marshal Darren Goldie, named one of the most significant cyber incidents that Australia has experienced over the last year, along with Optus and Medibank.
The former customer initiated proceedings in the Federal Court last month, seeking $1 million in damages, on the basis that Latitude failed to take reasonable steps to protect and secure his data breaching both his privacy and its duty of care to protect him from harm.
If successful, this claim will be an additional expense for Latitude, on top of the current $53 million which, the company revealed, has been set aside to capture both incurred costs and remediation expenses resulting from the cyber breach.
This is a pertinent reminder that the fall out of poor cyber security extends beyond the initial breach. Those personally affected are willing and able to pursue companies which fail to protect and secure its customer data and such breaches may have long lasting and serious financial consequences.
If you or your business organisation would like advice or assistance on how you can best protect or minimise any risk with respect to your technology and information of your business and clients, please reach out to Iain Freeman, Partner in Lavan’s Litigation and Dispute Resolution Team.