In March 2023, Latitude Financial — one of Australia’s largest consumer finance companies — suffered one of the most significant data breaches in Australian history. Over 14 million customer records were stolen, affecting millions of Australians and New Zealanders who had applied for credit cards, personal loans, or buy-now-pay-later products.
What Data Was Stolen?
The Latitude breach was severe because of the type of data exposed — not just emails and passwords, but government-issued identity documents:
- 7.9 million driver’s licence numbers (including 3.2 million issued in the last 10 years)
- 53,000 passport numbers
- 6.1 million records including dates of birth, phone numbers, and addresses
- Financial account details and credit application data
This makes the Latitude breach uniquely dangerous. Unlike a password breach — which you can fix by changing your password — a stolen driver’s licence or passport number can be used for identity fraud for years.
Was I Affected?
You may be affected if you ever:
- Applied for a Latitude credit card (Harvey Norman, David Jones, Suncorp, or Latitude branded cards)
- Took out a Latitude personal loan
- Used Latitude Pay, Gem Visa, or GO Mastercard
- Applied for interest-free finance at Harvey Norman, The Good Guys, or JB Hi-Fi
Even if you applied and were rejected, your data was likely stored — and potentially stolen.
What Should You Do Right Now?
1. Check if your email was exposed
Start with a free breach check to see every service where your data has been compromised. Check your email here →
2. Place a credit ban
Because driver’s licence and passport numbers were stolen, the most important step is placing a credit ban on your file. This prevents anyone from taking out credit in your name.
Contact all three Australian credit bureaus:
- Equifax: 13 83 32 or equifax.com.au
- Experian: 1300 783 684 or experian.com.au
- illion: 1300 734 806 or illion.com.au
A credit ban is free and lasts until you remove it. You can still use your existing credit — it only blocks new applications.
3. Consider renewing your driver’s licence
Several state governments offered free licence renewals after the Latitude breach. Contact your state’s transport authority to check current options. A new licence number makes the stolen one worthless.
4. Monitor your accounts closely
Watch for unexpected credit enquiries, new accounts you didn’t open, or unusual activity in your existing financial accounts. Set up transaction alerts with your bank.
5. Beware of targeted scams
With your name, DOB, address, and licence number, scammers can run highly convincing impersonation attacks. Be extremely sceptical of any contact claiming to be from a financial institution, even if they know your details.
What Did Latitude Do?
Latitude notified affected customers and offered free credit monitoring. However, they controversially refused to pay the ransom demanded by the attackers (ALPHV/BlackCat ransomware group), meaning the data was likely published on dark web forums.
The Office of the Australian Information Commissioner (OAIC) launched an investigation. The Australian Cyber Security Centre (ACSC) also provided guidance to affected customers.
The Bigger Picture
The Latitude breach followed just months after the Optus and Medibank breaches, raising serious questions about how Australian companies store and protect sensitive personal data. The Privacy Act 1988 requires organisations to take reasonable steps to protect personal information — but “reasonable” is being tested hard.
Under the Notifiable Data Breaches scheme, Latitude was required to notify affected individuals and the OAIC. The long-term consequences for affected Australians — particularly those whose government IDs were stolen — may take years to fully materialise.
Get a Full Assessment
If you were a Latitude customer, a comprehensive privacy audit will tell you exactly what data about you is circulating online, what your identity theft risk is, and exactly what steps to take. Book a Personal Audit for $99 →