Financial services company Latitude Financial is under investigation by Australia and New Zealand’s privacy watchdogs following the biggest data breach in Australia’s history.  

The Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) have commenced a joint investigation into the personal information handling practices of Latitude Financial. 

In March of this year, Latitude Financial announced that over fourteen million of its customer’s personal data have been stolen during a cyber security attack.  

The data was said to include drivers’ licences and passport numbers of Latitude’s customers. 

“This is the first joint privacy investigation by Australia and New Zealand and reflects the impact of the data breach on individuals in both countries,” the OAIC’s statement read. 

“The investigation will allow the efficient use of both agencies’ resources and reduce the regulatory impact on Latitude.” 

The investigation will focus on the steps the financial services company took to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure. 

It will also investigate whether or not Latitude took reasonable steps to destroy or de-identify personal information that was no longer required. 

“If the investigation leads to a finding that Latitude has breached one or more of the Australian Privacy Principles, then the Australian Information Commissioner and Privacy Commissioner may make a determination that can include requiring Latitude to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage,” the OAIC statement said.  

“If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $50 million for each contravention.” 

In an article from the Australian Financial Review, Latitude states that it had been working closely with the OAIC and the OPC since the cyberattack “and will continue to fully cooperate as they undertake their investigation”.  

The Latitude data breach is just one of the latest high-profile cybercrimes that have plagued Australia, following the cyber attacks on Optus and Medibank last year. 

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.

• Developing an effective data ecosystem
• The journey of building an ecosystem through data
• NZ government strengthens data privacy laws against third parties
• eSafety Commissioner issues legal notice against Twitter