Latitude data breach prompts call to outlaw ransom payments in Australia
Australia is under pressure to outlaw the payment of cyber ransoms, especially in cryptocurrency, after a significant data breach hit Latitude Financial. It is the country’s most significant cyber attack to date, compromising sensitive information such as driver’s license numbers, passport numbers, and financial records.
On March 16, Australian financial institution Latitude Financial announced it had been the victim of a cyber attack. The company updated its position on April 11, revealing that it had received a ransom demand, which it refused to pay:
“Paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks.”
In total, 7.9 million Australian and New Zealand driver’s license numbers, 6.1 million customer records, 53,000 passport numbers, and 100 customer financial statements were stolen in the attack.
The Australian Cyber Security Centre (ACSC), the country’s leading cybersecurity agency, advises victims of ransomware attacks never to pay a ransom. However, there is no legal prohibition on paying ransoms in Australia, and many in the tech industry are now calling for this to change.
Cybersecurity experts have suggested that outlawing payments would deter criminals, reducing the number of ransomware attacks.
The director of the cybersecurity firm CyberRisk, Wayne Tufek, said that making ransom payments illegal would discourage criminals from continuing to launch attacks. Meanwhile, Andrew Truswell, director of technology law firm Biztech Lawyers, believes that a law restricting ransom payments should be considered.
Clare O’Neil, Australia’s Cyber Security Minister, is weighing the pros and cons of outlawing ransom payments. She is considering suggestions from a review of the country’s cybersecurity strategy led by Andy Penn, the former CEO of telecommunications firm Telstra. Australia is a particularly attractive target for cybercriminals due to its relative prosperity.
The identity of the ransomware group responsible for the attack on Latitude Financial remains unknown. However, it is believed that an employee’s compromised credentials may have been the initial entry point into the network.
Latitude Financial is Australia’s largest non-bank lender, providing buy now, pay later (BNPL) services to many domestic retailers.
Cybercriminals cash in on Australia’s prosperity
Down under, Aussies are well known for flaunting their high median wealth per adult, which tops the charts globally. However, this affluence has also made them an attractive target for cybercriminals, who often leverage cryptocurrencies for ransomware attacks to obscure payment trails and transfer funds across borders. Mixing services like Tornado Cash only add to the complexity of tracing these payments.
In other Australia-related news, it was reported in early March that Australia’s comprehensive crypto regulation will not be implemented until 2023.