Latitude [owner of 28 Degree MC] suffers Cyber attack, personal info stolen

[SYD]

AFAIK all the states were implementing this. Just that some were.further along the implementation paths than others.
I think you need both numbers as part of the I'd process.

NSW DL has required both numbers for online ID checks for several years.

 

[TheRealTMA]

In NSW there are two numbers. The licence no. stays the same but the card number changes when you renew. I'm unsure whether one/both is required as proof of identity.

Same in QLD

 

[MEL_Traveller]

With no overseas travel, I have not used my 28deg card for many years.
I assume it is still current but have received no news from Latitude about security.. mayhaps no news is good news...

I don't believe that the 28 degrees Mastercard or it's later variation was affected by the data breach. I think the breach involved third party companies that use other financial services offered by latitude.

 

[SYD]

I don't believe that the 28 degrees Mastercard or it's later variation was affected by the data breach. I think the bridge involved third party companies that use other financial services offered by latitude.

It’s still unclear what the impacts are. I just received my latest statement but non of the transactions are showing in app or online.

New transactions appear as “Pending” for a day or two and then disappear. The Balance is correct but you can’t see why. Slightly frustrating when OS.

There’s a message in app alerting to this anomaly.

 

[Sale]

Received an email from Latitude 31/3 saying in part:

"We have so far identified that the attack resulted in the following kinds of your personal information being compromised. This information was collected from you at the time you applied for credit from Latitude or our predecessor companies.

Unless we have explicitly notified you, images of your identification document(s) have not been compromised.

• The licence number on the driver licence you provided us as part of your application.
• The personal information you provided us as part of your application which, where applicable, included your full name, address, date of birth and phone number.

If we identify any other of your personal information has been compromised, we will notify you as quickly as possible."

I'm feeling pretty p..ed that the news first broke on 16/3 and and it has taken them this long to contact me. I've had my 28 Degree card for at least 10 years - it's now locked and I'm not even sure whether to cancel it yet or wait a bit. It certainly won't ever be reactivated!

 

[Scr77]

This email was the first correspondence I received from latitude and i cancelled card a year ago. The email is terribly written and confusing. The line about ”your image” should be under the list of ID that was taken.

 

[MEL_Traveller]

I got the same thing.

I was actually slightly impressed that it looks like they have actively worked with state governments to find solutions to the ID issues… looks like we’ll get new driver licences, and we don’t have to do that ourselves… VicRoads for example will proactively contact affected persons in Victoria.

That’s actually a better model than the other data breaches where we’re left to fend for ourselves.

 

[SYD]

Still nothing direct from Latitude which optimistically could mean my details haven’t been accessed but I guess I’ll have to wait and see. Fortunately I’ve replaced my DL since this and other recent hacks. So no requirement for a new one.

I’m actively using my card OS at the moment.

 

[RooFlyer]

looks like we’ll get new driver licences, and we don’t have to do that ourselves… VicRoads for example will proactively contact affected persons in Victoria.

I got the e-mail - where do you read the 'proactive' bit? I don't think Latitude could contact VicRoads and say to them "Hey, ABCDEF of [address] has had their Drivers Licence compromised, if you get in touch with them, we'll cover the costs" - that would be a breach of 'privacy' (I wouldn't care, but I think that's the standard these days).

This is what my letter said:

Replacement of identity documents
Please visit our website latitudefinancial.com.au/latitude-id-information and go to the relevant identify document page for guidance on what to do.
Please read the guidance carefully. In many cases, you may not need to replace your identity document.
We are working with government agencies/departments to streamline the process and avoid you being charged for any required replacement of your licence.
If you choose to replace your licence before this process has been set up, Latitude will reimburse you for the replacement cost. Please retain a copy of your payment receipt and we will advise you of the reimbursement process once our system functionality has been restored.

I read this as they will auto cover costs when its been set up and if you choose to replace your DL beforehand, then they will reimburse, which is the least of what I'd expect.

I'm going O/S in a few weeks and called the Tasmanian DL mob to see what the go was. If I could provide evidence (e-mail) etc that my DL has been hacked, they would re-issue at no charge. I don't know if the generic e-mails we've received so far would suffice, but I decided against it, as the new licence may not arrive before I depart, and I'm hiring cars overseas.

 

[MEL_Traveller]

I got the e-mail - where do you read the 'proactive' bit? I don't think Latitude could contact VicRoads and say to them "Hey, ABCDEF of [address] has had their Drivers Licence compromised, if you get in touch with them, we'll cover the costs" - that would be a breach of 'privacy' (I wouldn't care, but I think that's the standard these days).

This is what my letter said:



I read this as they will auto cover costs when its been set up and if you choose to replace your DL beforehand, then they will reimburse, which is the least of what I'd expect.

I'm going O/S in a few weeks and called the Tasmanian DL mob to see what the go was. If I could provide evidence (e-mail) etc that my DL has been hacked, they would re-issue at no charge. I don't know if the generic e-mails we've received so far would suffice, but I decided against it, as the new licence may not arrive before I depart, and I'm hiring cars overseas.

Clicking in the link I get the following:

Shortly, VicRoads will directly contact impacted customers to confirm their licence details have been flagged on the Victorian Licensing Registry and when they can expect to receive their new card.​

and​

This will be a centrally-managed process for impacted Victorians customers. You do not need to do anything, but VicRoads requests that you update your current address if you have recently moved.​

That seems to me that VicRoads has my details and whether compromised.

Of course it might be different in other states, but while I’m not happy about the breach, I can now understand why they have waited to sort everything out and streamline the process.

 

[RooFlyer]

Clicking in the link I get the following:

Shortly, VicRoads will directly contact impacted customers to confirm their licence details have been flagged on the Victorian Licensing Registry and when they can expect to receive their new card.​

and​

This will be a centrally-managed process for impacted Victorians customers. You do not need to do anything, but VicRoads requests that you update your current address if you have recently moved.​

That seems to me that VicRoads has my details and whether compromised.

Of course it might be different in other states, but while I’m not happy about the breach, I can now understand why they have waited to sort everything out and streamline the process.

Ah, thanks. I see now. For Tas it says

If we have notified you that your driver licence number has been compromised (but have not notified you that the image of your driver licence has been compromised), you may not need to replace your licence. This is because only your driver licence number has been impacted and not also your card number.

For information on how to replace your licence visit Service Tasmania shopfront or visit www.service.tas.gov.au/services/me-and-my-identity/personal-information-card/personal-details-compromised-in-a-cyberattack-identity-theft-or-fraud

That takes me to a page telling me what I found out on my phone call.

I've received no notifications other than the generic ones, so I would appear to be OK - so far. Nothings to say I won't be notified in the future!!

their licence details have been flagged on the Victorian Licensing Registry

Vic obviously well set up for this sort of thing!

 

[MEL_Traveller]

Ah, thanks. I see now. For Tas it says



That takes me to a page telling me what I found out on my phone call.

I've received no notifications other than the generic ones, so I would appear to be OK - so far. Nothings to say I won't be notified in the future!!



Vic obviously well set up for this sort of thing!

I share your surprise, in a way, that a bank and VicRoads are sharing details so freely… but hey… Inguess the details are already in the [dark] web somewhere so why not?

I wondered yesterday at a major retailer when I was picking up a ‘click and collect’ for a friend, and they asked to copy my ID, whether or not we’d ever come up with a better system? Either a microchip, or we simply won’t care and ID issues will be an everyday routine matter?

 

[RooFlyer]

I share your surprise, in a way, that a bank and VicRoads are sharing details so freely… but hey… Inguess the details are already in the [dark] web somewhere so why not?

I wondered yesterday at a major retailer when I was picking up a ‘click and collect’ for a friend, and they asked to copy my ID, whether or not we’d ever come up with a better system? Either a microchip, or we simply won’t care and ID issues will be an everyday routine matter?

you may not copy my passport, which is a secure document.
It looks like Vic have set up a registry where a third party can somehow 'flag' a problem and the registry can then act accordingly. Maybe corporates etc who announce they have been compromised can apply to access the flag? Maybe that's giving too much credit!

Copying ID by retailers is a crock and should not be allowed without govt. demand. I've had a number of battles with hotels overseas who routinely want to photocopy my passport ID page on check-in. I tell them - "No, look, its me, you have identified me, the credit card is the same. End of issue". I can't recall when I've lost.

Grog shops in the NT take an image of the front of your drivers licence when you make a purchase. A govt edict though; God knows where those images go (eg secure link to Govt database, OR stored locally in the grog shop ).

 

[Scarlett]

you may not copy my passport, which is a secure document.

Copying ID by retailers is a crock and should not be allowed without govt. demand. I've had a number of battles with hotels overseas who routinely want to photocopy my passport ID page on check-in. I tell them - "No, look, its me, you have identified me, the credit card is the same. End of issue". I can't recall when I've lost.

What is your back up plan for when a hotel (probably some automaton unable or not authorised to think for themselves) delivers the “well then you’re not staying here” line? Moreso when (as is more common) the stay has been prepaid.

I’m interested as I’d prefer to use the same process but it’s not something I’d walk out over.

 

[RooFlyer]

What is your back up plan for when a hotel (probably some automaton unable or not authorised to think for themselves) delivers the “well then you’re not staying here” line? Moreso when (as is more common) the stay has been prepaid.

I’m interested as I’d prefer to use the same process but it’s not something I’d walk out over.

Good question . Would depend where I was / convenient alternatives available. If no other option, I'll fold. In fact, I think I did fold once, but on the condition that I got the photocopy back on departure. I did, and they probably kept another copy, but honour was satisfied.

If its pre-paid, they have even less reason to ask to retain identity copy, again, unless mandated by the govt.

 

[Scarlett]

I don't believe that the 28 degrees Mastercard or it's later variation was affected by the data breach. I think the breach involved third party companies that use other financial services offered by latitude.

I’d partially agree.
My only dealing with Latitude is because I hold the 28 deg card and yet I’m getting the same compromised details messages as everyone else.

Did you mean that you don’t believe actual 28deg card numbers, expiry, ccvs etc have been compromised, or only details of the cardholders themselves compromised?

Having got the latest email (sort of useless*…) I fully expect that my old drivers license, address, old phone number and maybe email address have been compromised. None of the first three pieces of info are valid any more but email remains the same. As I don’t get much spam email I wonder if this will change in the near future?

* I say sort of useless as it’s poorly worded to suggest that some of my info may have been compromised, but doesn’t say what. Then goes on to confuse the issue by noting the bit about ‘images of your documents’. So the info has (presumably from a database) but an image of my drivers license hasn’t? Are they just saying that a picture of me is not associated with the compromised data?

 

[Mattg]

I got the notification email today.

The annoying part is that I'm no longer even a Latitude customer (and wasn't when the cyber attack occurred). Why do they still have my driver licence number on file?

 

[OATEK]

I got the notification email today.

The annoying part is that I'm no longer even a Latitude customer (and wasn't when the cyber attack occurred). Why do they still have my driver licence number on file?

Judging by other recent hacks it is standard practice to just keep it all forever. No email yet about what data has been compromised re my 28Degrees card, but I am sure it will come.

 

[Mattg]

Judging by other recent hacks it is standard practice to just keep it all forever.

It begs the question - why is this standard practice? Why do they need to retain this data forever?

 

[TheRealTMA]

you may not copy my passport, which is a secure document.

For European hotels, it’s a legal requirement to take a copy of the guests passport in most countries.