Financial services company Latitude Group has been hacked with almost eight million identification documents stolen.
The company said the hack was detected around two weeks ago, with the criminals accessing 7.9 million drivers licences, 53,000 passport numbers and around 100 customers monthly financial statements.
Of the drivers licences, 3.2 million, or 40 per cent, provided to the company in the last 10 years.
"Our people are working around the clock to contain the attackers," Latitude said in a statement.
Latitude admitted in the statement that an additional 6.1 million records dating back to at least 2005 were also poached in this month's hack, including names, addresses, telephone numbers and dates of birth.
The financial services company offers loans, credit cards and insurance policies to Australian and New Zealand customers.
Latitude Financial has been targeted by a cyber-attack resulting in the theft of personal information including identification documents.
The company's CEO Ahmed Fahour said a full review would be conducted.
"We recognise that today's announcement will be a distressing development for many of our customers and we apologise unreservedly," the company said.
"It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident," Mr Fahour said.
The hack affects almost eight million Latitude customers in Australia and New Zealand.
In October 2019, LatitudePay, Latitude's digital payments platform announced it had partnered with national retailers including Forty Winks, Prouds, Angus and Coote, Goldmark, Bing Lee and Harvey Norman, but it's not clear if any associated data was accessed in the hacks.
Latitude said 60 per cent of the data stolen is from customers who have been with the financial services company for more than 10 years, and 3.2 million hacked records came from more recent customers.
"We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation," the company said.
Latitude said they're contacting affected customers directly, talking through what's been stolen and the best course of action.
This process is likely to take a few days and customer's patience is appreciated, Latitude said.
The company said they are working with cyber-security experts, the Australian Cyber Security Centre, the Australian Federal Police and relevant government agencies.
IN OTHER NEWS:
Customers should be aware scammers can use the confusion of a hack to gain further data by impersonating the breached organisation.
Cyber security organisation IDcare warn that any communication about the hack could be from scammers, so keep passwords and codes private and don't give remote access to devices.
Existing Latitude customers can continue to make transactions on their Latitude credit card, the company said on March 23.
"We will help [customers] replace identification documents, where necessary, at no cost," Latitude said.
Sign up for our newsletter to stay up to date.