This is an HTML version of an attachment to the Official Information request 'Latitude Financial Services/Latitude Group communications'.

Released under the Official Information Act 1982



From: Cutt, Brendon (Latitude Financial)
To: Jeremy Williams; Julia Wootton
Cc: Cristian Cornejo
Subject: Latitude - ASX announcement
Date: Tuesday, 11 April 2023 11:28:40 am
Attachments: LFS ASX cyber update 110423.pdf
Hi all
FYI, please find attached Latitude’s latest ASX Announcement. Please note that Latitude will not
be paying any ransom to the threat actor.
Regards, Brendon
Brendon Cutt
General Manager, Compliance and Conduct Risk
Latitude Financial Services

Confidentiality Disclosure Statement: This email and any attachments may contain legally
privileged, confidential information or copyright material of the sender or third party that
is intended for the use of the intended recipient only. Any confidentiality or privilege is not
waived or lost because this document has been sent by mistake. If you are not the intended
recipient, you must not read, copy, distribute, disclose or use the contents of this email or
any attachments without the consent of the sender or the relevant third party. If you have
received this mail in error, please delete it from your system immediately and notify us and
confirm the deletion by responding to the email address you received this from. Except as
required by law, the sender does not represent or warrant that the integrity of this email has
been maintained or that it is free from errors, viruses, interceptions or interference. Any
personal information in this document must be handled in accordance with the privacy
laws. Please see our Privacy Policy for information about our privacy practices in Australia
by visiting https://www.latitudefinancial.com.au/privacy/ and in New Zealand by visiting
https://www.gemfinance.co.nz/privacy/.


 
Latitude Group Holdings Ltd 
ACN 604 747 391 

 
Level 18, 130 Lonsdale St, 
Melbourne VIC 3000 
latitudefinancial.com 
11 April 2023 
 

 
ASX ANNOUNCEMENT 
 
Cybercrime update 

Latitude Financial (ASX: LFS) has received a ransom demand from the criminals behind the cyber-attack on our 
company. 

Latitude will not pay a ransom. This decision is consistent with the position of the Australian Government. 

We will not reward criminal behaviour, nor do we believe that paying a ransom will result in the return or destruction 
of the information that was stolen. 

In line with advice from cybercrime experts, Latitude strongly believes that paying a ransom will be detrimental to 
our customers and cause harm to the broader community by encouraging further criminal attacks. 

The stolen data the attackers have detailed as part of their ransom threat is consistent with the number of affected 
customers disclosed by Latitude in our announcement dated 27 March 2023. 
 
This matter is under investigation by the Australian Federal Police and we continue to work with the Australian 
Cyber Security Centre and cyber-security experts on our response.  
 
We are in the process of contacting all customers, past customers and applicants whose information was 
compromised, outlining details of the information stolen, the support we are providing and our plans for remediation. 
We will complete this process as quickly as we can. 

We encourage all our customers to remain vigilant and alert to potential scam attempts. 

To the best of our knowledge, there has been no suspicious activity inside Latitude’s systems since Thursday 16 
March 2023. 

Regular business operations are being restored, with Latitude’s primary Customer Contact Centre back online and 
operating at full capacity. We will respond to all customer enquiries as a priority. Customers can also access 
services via the Latitude website and mobile app. New customer originations have also recommenced. 
 
Latitude maintains insurance policies to cover risks, including cyber-security risks, and we have notified our insurers 
in respect of this incident. 
 
Latitude Financial CEO Bob Belan said:  
 
“Latitude will not pay a ransom to criminals. Based on the evidence and advice, there is simply no guarantee that 
doing so would result in any customer data being destroyed and it would only encourage further extortion attempts 
on Australian and New Zealand businesses in the future. 
 
“Our priority remains on contacting every customer whose personal information was compromised and to support 
them through this process. 
 
“In parallel, our teams have been focused on safely restoring our IT systems, bringing staffing levels back to full 
capacity, enhancing security protections and returning to normal operations. 

“I apologise personally and sincerely for the distress that this cyber-attack has caused and I hope that in time we are 
able to earn back the confidence of our customers.” 
 
 

 
Supporting our customers 
Latitude is delivering a comprehensive customer care and remediation program to support affected individuals. Some 
of the steps we are taking include: 
 
Latitude’s dedicated contact centres are available for affected customers in Australia and New Zealand between 9am 
– 6pm AEST/NZST, Monday – Friday. 
 
Additional support is available via our dedicated contact centres for customers who are in a uniquely vulnerable 
position as a result of this cyber-attack. 
 
We have engaged IDCARE, a not-for profit organisation specialising in providing free, confidential cyber incident 
information and assistance. If you wish to speak with one of their expert Case Managers, please visit idcare.org or 
call (New Zealand) 0800 121 068, 11am – 6pm NZST, Monday – Friday (excluding public holidays) or (Australia) 
1800 595 160 (use the referral code LAT23). 
 
Mental Health and Wellbeing Support is available free of charge through our Support Line 0800 808 374 (New 
Zealand) or 1800 808 374 (Australia). 
 
The Help page on our website is also being kept up to date with the latest information. 
 
Authorised for release to the ASX by the Board of Directors. 
 
For further information:
 
Media: Mark Gardy, +61 412 376 817
Investor Relations: Matthew Wilson, +61 401 454 621
 



Latitude Financial Services is notifying all affected customers about the data breach. This
includes New Zealand passport holders who provided their New Zealand passport as part
of setting up their accounts with Latitude Financial Services.
If you are not contacted by Latitude Financial Services, you have not been impacted by the
breach.
What passport details could have been exposed?
Some people had their New Zealand passport details compromised.
A copy of your passport bio-data page may have been exposed.
Latitude Financial Services will advise you if your New Zealand passport details were
compromised.
Do I need to replace my passport if I have been impacted?
No, you don't have to.
If you have renewed your passport since signing up with Latitude Financial Services, you
do not need to do anything.
If you have not renewed your passport, there is no need to replace your passport if it is still
valid.
Can I use my passport to travel?
Yes, your passport is safe to use for international travel. Your passport remains valid for
travel unless it has expired or it has been renewed.
Could someone else get a passport in my identity?
No. We use robust controls that protect your passport from identity takeover, including
sophisticated facial recognition technology.
Could someone use my passport details to travel in my identity?
No. They would need your actual passport, not just your passport details.
If your passport has been lost or stolen, you must let the Department of Internal Affairs
(DIA) Passport Office know as soon as possible so we can cancel your passport and
protect you from any misuse.
Further information about lost and stolen passports is available here:
Lost, stolen or damaged passport
Is it still safe to use my passport as proof of identity?
Impacted Latitude Financial Services customers may be concerned their passport details
could be misused to commit identity fraud.
You have the option to ask DIA to apply a block in the Australia Document Verification
Service (DVS) system on your behalf. This block will mean that your passport number

cannot be used for digital verification in Australia, but you can still use your passport to
verify your identity in person as required, such as for the purposes of taking out a loan, or a
phone plan.
If you want DIA to apply a block in DVS, email us at: [email address].
Let us know your current passport number, name and contact phone number, including
area and country codes – we’ll call from New Zealand. Put 'Latitude Financial Services' in
the subject line.
Is my passport still valid if I replace it?
If you choose to replace your passport, the previous one will be cancelled once we receive
your application.
Note that a cancelled passport cannot be used for travel or identification purposes.
You will need to wait until a replacement passport has been issued.
Information about passport timeframes is available here:
Passport timeframes
What happens if I replace my New Zealand passport while I am overseas?
We understand that you may be worried that you could be stranded without any valid ID
overseas. If you have upcoming international travel planned, we recommend that you
travel on your current passport.
If you would like to replace your passport, contact DIA to discuss your upcoming travel
plans before cancelling your passport.

Julia
Draft banner wording:
Latitude Financial Services (GEM Finance) in Australia has advised of a cyberattack which may
have compromised New Zealand passport holders’ information. See here for more information.
(link to page below)
Draft web page wording
Latitude Financial Services data breach
Latitude Financial Services (also trading as GEM Finance in New Zealand), an Australian finance
company, has recently advised customers of a cyberattack which may have resulted in
unauthorised access to current and former customers’ information held by the company.
How do I know if I have been impacted by the data breach?
Latitude Financial Services is notifying all affected customers about the data breach. This
includes New Zealand passport holders who provided their New Zealand passport as part
of setting up their accounts with Latitude Financial Services.
If you are not contacted by Latitude Financial Services, you have not been impacted by the
breach.
What passport details could have been exposed?
Some people had their New Zealand passport details compromised.
A copy of your passport bio-data page may have been exposed.
Latitude Financial Services will advise you if your New Zealand passport details were
compromised.
Do I need to replace my passport if I have been impacted?
No, you don't have to.
If you have renewed your passport since signing up with Latitude Financial Services, you
do not need to do anything.
If you have not renewed your passport, there is no need to replace your passport if it is still
valid.
Can I use my passport to travel?
Yes, your passport is safe to use for international travel. Your passport remains valid for
travel unless it has expired or it has been renewed.
Could someone else get a passport in my identity?
No. We use robust controls that protect your passport from identity takeover, including
sophisticated facial recognition technology.
Could someone use my passport details to travel in my identity?
No. They would need your actual passport, not just your passport details.

If your passport has been lost or stolen, you must let the Department of Internal Affairs
(DIA) Passport Office know as soon as possible so we can cancel your passport and
protect you from any misuse.
Further information about lost and stolen passports is available here:
Lost, stolen or damaged passport
Is it still safe to use my passport as proof of identity?
Impacted Latitude Financial Services customers may be concerned their passport details
could be misused to commit identity fraud.
You have the option to ask DIA to apply a block in the Australia Document Verification
Service (DVS) system on your behalf. This block will mean that your passport number
cannot be used for digital verification in Australia, but you can still use your passport to
verify your identity in person as required, such as for the purposes of taking out a loan, or a
phone plan.
If you want DIA to apply a block in DVS, email us at: [email address].
Let us know your current passport number, name and contact phone number, including
area and country codes – we’ll call from New Zealand. Put 'Latitude Financial Services' in
the subject line.
Is my passport still valid if I replace it?
If you choose to replace your passport, the previous one will be cancelled once we receive
your application.
Note that a cancelled passport cannot be used for travel or identification purposes.
You will need to wait until a replacement passport has been issued.
Information about passport timeframes is available here:
Passport timeframes
What happens if I replace my New Zealand passport while I am overseas?
We understand that you may be worried that you could be stranded without any valid ID
overseas. If you have upcoming international travel planned, we recommend that you
travel on your current passport.
If you would like to replace your passport, contact DIA to discuss your upcoming travel
plans before cancelling your passport.


Latitude Group Holdings Ltd 
ACN 604 747 391 
 
Level 18, 130 Lonsdale St, 
Melbourne VIC 3000 
latitudefinancial.com 
27 March 2023 
 
 
ASX ANNOUNCEMENT 

 
Cybercrime update 

From the outset of the cyber-attack on Latitude (ASX: LFS), we have sought to keep our customers, partners, 
employees and the broader community as up to date as we can. 
 
This malicious attack on Latitude is under investigation by the Australian Federal Police and we continue to work 
with the Australian Cyber Security Centre and our expert cyber-security advisers. 
 
To the best of our knowledge no suspicious activity has been observed in Latitude’s systems since Thursday 16 
March 2023. 
 
As our forensic review continues to progress, we have identified that approximately 7.9 million Australian and New 
Zealand driver licence numbers were stolen, of which approximately 3.2 million, or 40%, were provided to us in the 
last 10 years. 
 
In addition, approximately 53,000 passport numbers were stolen. 
 
We have also identified less than 100 customers who had a monthly financial statement stolen. 
 
We will reimburse our customers who choose to replace their stolen ID document. 
 
A further approximately 6.1 million records dating back to at least 2005 were also stolen, of which approximately 5.7 
million, or 94%, were provided before 2013. 

These records include some but not all of the following personal information: name, address, telephone, date of 
birth. 
 
Latitude maintains insurance policies to cover risks, including cyber-security risks, and we have notified our insurers 
in respect of this incident. 
 
We recognise that today’s announcement will be a distressing development for many of our customers and we 
apologise unreservedly. 
 
We are writing to all customers, past customers and applicants whose information was compromised outlining 
details of the information stolen and our plans for remediation. 
 
Supporting our customers 
 
Latitude is undertaking a comprehensive customer care program to support affected individuals. Some of the steps 
we are taking include: 
 
Latitude’s dedicated contact centres are available for affected customers in Australia and New Zealand between 
9am – 6pm AEDT/NZST, Monday – Friday. 
 
Hardship support is available via our dedicated contact centres for customers who are in a uniquely vulnerable 
position as a result of this cyber-attack. 
 
We have engaged IDCARE, a not-for profit organisation specialising in providing free, confidential cyber incident 
information and assistance. If you wish to speak with one of their expert Case Managers, please visit idcare.org or 
call (New Zealand) 0800 121 068, 11am – 6pm NZST, Monday – Friday (excluding public holidays) or (Australia) 
1800 595 160 (use the referral code LAT23). 
 
Mental Health and Wellbeing Support is available free of charge through our Support Line 0800 808 374 (New 
Zealand) or 1800 808 374 (Australia). 
 
The help page on our website is also being kept up to date with the latest information. 

 
Steps you can take to protect yourself 
 
There are immediate precautions that you can take, which include: 
•  Contacting one of Australia’s credit reporting agencies for a credit report so you can check if your identity has 
been used to obtain credit without your knowledge. 
•  In New Zealand, checking your credit record to confirm if your identity has been used to obtain credit without 
your knowledge. For further information, please refer to: 
govt.nz/browse/consumer-rights-and-complaints/debt-and-credit-records/check-your-own-credit-report 
•  Requesting the credit reporting agencies to place a credit ban or suspension on your credit file via 
their website or by contacting them directly. Please be aware that you will not be able to apply for credit while 
the ban or suspension is in place. 
Be Alert 

We urge our customers to be vigilant with all online communications and transactions, including: 
•  Staying alert for any phishing scams via phone, post or email  
•  Ensuring communications received are legitimate 
•  Not opening texts from unknown or suspicious numbers 
•  Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor 
authentications when available on any online accounts  
•  Latitude will not contact customers asking for password or sensitive information 
  
If you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website. 
 
If you wish to report a scam or a vulnerability, go to ScamWatch. 
 
Latitude Financial CEO Ahmed Fahour said: 
 
“It is hugely disappointing that such a significant number of additional customers and applicants have been affected 
by this incident. We apologise unreservedly. 
  
“We are committed to working closely with impacted customers and applicants to minimise the risk and disruption to 
them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full 
review of what has occurred. 
 
“We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. We 
will never contact customers requesting their passwords. 
 
“We continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the 
attack and have implemented additional security monitoring as we return to operations in the coming days. 
 
“We thank customers and merchant partners for their support and patience. Customers can continue to make 
transactions on their Latitude credit card.” 
 
Authorised for release to the ASX by the Board of Directors. 
 
For further information:

Media: Mark Gardy, +61 412 376 817
Investor Relations: Matthew Wilson, +61 401 454 621



How do I know if I have been impacted by the data breach?
Latitude Financial Services is notifying all affected customers about the data breach. This
includes New Zealand passport holders who provided their New Zealand passport as part
of setting up their accounts with Latitude Financial Services.
If you are not contacted by Latitude Financial Services, you have not been impacted by the
breach.
What passport details could have been exposed?
Some people had their New Zealand passport details compromised.
A copy of your passport bio-data page may have been exposed.
Latitude Financial Services will advise you if your New Zealand passport details were
compromised.
Do I need to replace my passport if I have been impacted?
No, you don't have to.
If you have renewed your passport since signing up with Latitude Financial Services, you
do not need to do anything.
If you have not renewed your passport, there is no need to replace your passport if it is still
valid.
Can I use my passport to travel?
Yes, your passport is safe to use for international travel. Your passport remains valid for
travel unless it has expired or it has been renewed.
Could someone else get a passport in my identity?
No. We use robust controls that protect your passport from identity takeover, including
sophisticated facial recognition technology.
Could someone use my passport details to travel in my identity?
No. They would need your actual passport, not just your passport details.
If your passport has been lost or stolen, you must let the Department of Internal Affairs
(DIA) Passport Office know as soon as possible so we can cancel your passport and
protect you from any misuse.
Further information about lost and stolen passports is available here:
Lost, stolen or damaged passport
Is it still safe to use my passport as proof of identity?
Impacted Latitude Financial Services customers may be concerned their passport details
could be misused to commit identity fraud.

You have the option to ask DIA to apply a block in the Australia Document Verification
Service (DVS) system on your behalf. This block will mean that your passport number
cannot be used for digital verification in Australia, but you can still use your passport to
verify your identity in person as required, such as for the purposes of taking out a loan, or a
phone plan.
If you want DIA to apply a block in DVS, email us at: [email address].
Let us know your current passport number, name and contact phone number, including
area and country codes – we’ll call from New Zealand. Put 'Latitude Financial Services' in
the subject line.
Is my passport still valid if I replace it?
If you choose to replace your passport, the previous one will be cancelled once we receive
your application.
Note that a cancelled passport cannot be used for travel or identification purposes.
You will need to wait until a replacement passport has been issued.
Information about passport timeframes is available here:
Passport timeframes
What happens if I replace my New Zealand passport while I am overseas?
We understand that you may be worried that you could be stranded without any valid ID
overseas. If you have upcoming international travel planned, we recommend that you
travel on your current passport.
If you would like to replace your passport, contact DIA to discuss your upcoming travel
plans before cancelling your passport.

From: Cutt, Brendon (Latitude Financial)
To: Julia Wootton; Walls, Frederika (Latitude Financial)
Subject: Latitude/DIA media management
Date: Tuesday, 21 March 2023 4:17:56 pm
Hi Freddie
As just mentioned, Julia has received a couple of media queries. Can you please call her to
discuss asap.
Julia Wootton
General Manager Service and Access
[email address]
Thanks, Brendon

compromised.
Do I need to replace my passport if I have been impacted?
No, you don't have to.
If you have renewed your passport since signing up with Latitude Financial Services, you
do not need to do anything.
If you have not renewed your passport, there is no need to replace your passport if it is still
valid.
Can I use my passport to travel?
Yes, your passport is safe to use for international travel. Your passport remains valid for
travel unless it has expired or it has been renewed.
Could someone else get a passport in my identity?
No. We use robust controls that protect your passport from identity takeover, including
sophisticated facial recognition technology.
Could someone use my passport details to travel in my identity?
No. They would need your actual passport, not just your passport details.
If your passport has been lost or stolen, you must let the Department of Internal Affairs
(DIA) Passport Office know as soon as possible so we can cancel your passport and
protect you from any misuse.
Further information about lost and stolen passports is available here:
Lost, stolen or damaged passport
Is it still safe to use my passport as proof of identity?
Impacted Latitude Financial Services customers may be concerned their passport details
could be misused to commit identity fraud.
You have the option to ask DIA to apply a block in the Australia Document Verification
Service (DVS) system on your behalf. This block will mean that your passport number
cannot be used for digital verification in Australia, but you can still use your passport to
verify your identity in person as required, such as for the purposes of taking out a loan, or a
phone plan.
If you want DIA to apply a block in DVS, email us at: [email address].
Let us know your current passport number, name and contact phone number, including
area and country codes – we’ll call from New Zealand. Put 'Latitude Financial Services' in
the subject line.
Is my passport still valid if I replace it?
If you choose to replace your passport, the previous one will be cancelled once we receive
your application.

Note that a cancelled passport cannot be used for travel or identification purposes.
You will need to wait until a replacement passport has been issued.
Information about passport timeframes is available here:
Passport timeframes
What happens if I replace my New Zealand passport while I am overseas?
We understand that you may be worried that you could be stranded without any valid ID
overseas. If you have upcoming international travel planned, we recommend that you
travel on your current passport.
If you would like to replace your passport, contact DIA to discuss your upcoming travel
plans before cancelling your passport.

Latitude Group Holdings Ltd 
ACN 604 747 391 
Level 18, 130 Lonsdale St, 
Melbourne VIC 3000 
latitudefinancial.com 
20 March 2023 
ASX ANNOUNCEMENT 
Cybercrime update 
Latitude Financial (ASX: LFS) announced on 16 March 2023 that it had detected unusual activity on its systems 
which it can now confirm as a sophisticated, well-organised and malicious cyber-attack which remains active. 
We recognise the distress to our customers caused by the theft of their personal information and we are committed 
to transparently updating our customers, partners, employees and the broader community. 
Latitude immediately engaged leading external cyber security experts, the Australian Cyber Security Centre, the 
Australian Federal Police and other relevant Government agencies. 
The attack on Latitude is now the subject of an investigation by the Australian Federal Police. 
Our people are working around the clock to contain the attackers. We have taken the prudent action of isolating 
some of our technology platforms which means that we are currently not onboarding new customers. 
Because the attack remains active, we have taken our platforms offline and are unable to service our customers and 
merchant partners. We cannot restore this capability immediately, however we are working to do so gradually over
the coming days and ask our customers for their continued patience. Our restoration of these services is aligned to 
our forensic review.   
In conjunction with our cyber-security experts, we are continuing our forensic review of our IT platforms to identify 
the full extent of the theft of customer information as a result of the attack on Latitude. 
So far, Latitude can confirm that: 
• As previously disclosed, approximately 330,000 customers and applicants have had their personal information stolen
• Approximately 96% of the personal information stolen was copies of drivers’ licences or driver licence numbers
• Less than 4% was copies of passports or passport numbers
• Less than 1% was Medicare numbers
As our review deepens to include non-customer originating platforms and historical customer information, we are 
likely to uncover more stolen information affecting both current and past Latitude customers and applicants. We will 
provide a further update when we have more information to share. 
Latitude encourages our customers to remain vigilant. We will never contact customers requesting their passwords.
From today, Latitude will commence contacting customers and applicants who have so far been impacted by this
criminal act, having already written to all our customers on Thursday 16 March 2023 to alert them to the cyber-
attack.  
Latitude will confirm to each impacted customer and applicant what personal information has been stolen, what we
are doing to support them and what additional steps customers should consider taking to further protect their 
information. This includes Latitude working with relevant agencies to replace identification documents, where 
necessary, at no cost to our customers. 
We have engaged IDCARE to help support those impacted. IDCARE is a not-for-profit organisation and Australia and
New Zealand’s national incident response service specialising in providing free, confidential cyber incident
information and assistance. Impacted customers and applicants will be able to contact IDCARE during business
hours on 1800 595 160. 
As of today, Latitude has established dedicated contact centres for impacted customers in Australia and New 
Zealand to answer queries, as well as a dedicated help page on our website to keep customers and partners fully
informed of developments.
 
Once the cyber-attack is contained, Latitude commits to a review of this incident. This review will help Latitude to 
most effectively safeguard our customers, partners and platforms, while contributing to the continued fight against 
cyber-crime on Australian businesses.  
 
Latitude is still assessing the anticipated total cost to it of this incident, including the cost to Latitude of the support we
intend to provide our customers as described in this announcement.  
 
Latitude maintains insurance policies to cover risks, including cyber security risks, and we have notified our insurers 
in respect of the incident. 
 
Latitude Financial Services CEO Ahmed Fahour said:

“I sincerely apologise to our customers and partners for the distress and inconvenience this criminal act has
caused. I understand fully the wider concern that this cyber-attack has created within the community.

“Our focus is on protecting the ongoing security of our customers, partners and employees’ personal and identity
information, while also doing everything we can to support customers and applicants who have had information 
stolen. 
 
“While we continue to deliver transactional services, some functionality has been affected resulting in disruption. We 
are working extremely hard to restore full services to our customers and merchant partners and thank them for their 
patience and support. We understand their frustration. Customers should refer to Latitude’s website for regular 
updates.” 
 
Authorised for release to the ASX by the Company Secretary, Vicki Letcher. 
 
For further information: 
 
Media: Mark Gardy, +61 412 376 817
Investor Relations: Matthew Wilson, +61 401 454 621

[email address]
Cheers
Dan Leavasa | IT Service Delivery Manager for Service Delivery & Operations | Te Ara Matihiko | m: 
Department of Internal Affairs
From: 
@datacom.co.nz>
Sent: Sunday, March 19, 2023 2:56 PM
To: Daniel Leavasa <[email address]>
Subject: Fw: DIA Passport holders affected by Latitude security incident
Afternoon Dan,
See below for the original details from Brendon as well as their plan for comms and what
the Australian Passports department have set up on their website:
Contact Name: Brendon Cutt
Contact Number: 
Email: [email address]
Issue: Caller called from Latitude Financial Services (shortened to Latitude
Financial or Latitude), an Australian financial services company with
headquarters in Melbourne, Victoria, also doing business in New Zealand
under the name Gem Finance. He mentioned they recently had a data breach
in their organization which has affected 30,000 NZ passport holders. He wants
someone to call him at the earliest to advise how they can further act by
informing the customer in a calm manner.
Gareth, Manu and Mitesh from the DIA security team are also aware of this.
From: Cutt, Brendon (Latitude Financial) <[email address]>
Sent: Sunday, March 19, 2023 2:26 PM
To: DIA incident management <[email address]>
Subject: RE: DIA Passport holders affected by Latitude security incident
Hello
Thanks for making contact.
We are mobilising to send a communication to known impacted customers in New Zealand on
Monday. Some of those people have had their NZ Passport compromised in our cyber-attack and
we would like to know what information we can advise those people at this time.
For our equivalent communication to people in Australia who have had an AU passport
compromised, DFAT has confirmed to us, and we will be communicating same, that impacted
passports are still safe to use and that we can direct people to the following website for further
information www.passports.gov.au/news/latitude-financial-services-data-breach
Your assistance and advice would be greatly appreciated.
I can be contacted on 
.
Regards, Brendon
General Manager, Compliance
Latitude Financial Services
From: DIA incident management <[email address]> 
Sent: Sunday, 19 March 2023 1:44 pm
To: Cutt, Brendon (Latitude Financial) <[email address]>


Subject: [EXTERNAL] DIA Passport holders affected by Latitude security incident
Hi Brendon,
I've just been speaking with our Service Desk and the DIA Security Team around your call
earlier this morning. Is there any particular information or guidance you're looking for from
our end or was the call more of an FYI for our awareness?
I assume comms have already gone out from your end to the affected customers via the
details on record with Latitude?
Regards,
The Incident Management Team
Email: [email address]

have compromised New Zealand passport holders’ information. See here for more information.
(link to page below)
Draft web page wording
Latitude Financial Services data breach
Latitude Financial Services (also trading as GEM Finance in New Zealand), an Australian finance
company, has recently advised customers of a cyberattack which may have resulted in
unauthorised access to current and former customers’ information held by the company.
How do I know if I have been impacted by the data breach?
Latitude Financial Services is notifying all affected customers about the data breach. This
includes New Zealand passport holders who provided their New Zealand passport as part
of setting up their accounts with Latitude Financial Services.
If you are not contacted by Latitude Financial Services, you have not been impacted by the
breach.
What passport details could have been exposed?
Some people had their New Zealand passport details compromised.
A copy of your passport bio-data page may have been exposed.
Latitude Financial Services will advise you if your New Zealand passport details were
compromised.
Do I need to replace my passport if I have been impacted?
No, you don't have to.
If you have renewed your passport since signing up with Latitude Financial Services, you
do not need to do anything.
If you have not renewed your passport, there is no need to replace your passport if it is still
valid.
Can I use my passport to travel?
Yes, your passport is safe to use for international travel. Your passport remains valid for
travel unless it has expired or it has been renewed.
Could someone else get a passport in my identity?
No. We use robust controls that protect your passport from identity takeover, including
sophisticated facial recognition technology.
Could someone use my passport details to travel in my identity?
No. They would need your actual passport, not just your passport details.
If your passport has been lost or stolen, you must let the Department of Internal Affairs
(DIA) Passport Office know as soon as possible so we can cancel your passport and
protect you from any misuse.

Further information about lost and stolen passports is available here:
Lost, stolen or damaged passport
Is it still safe to use my passport as proof of identity?
Impacted Latitude Financial Services customers may be concerned their passport details
could be misused to commit identity fraud.
You have the option to ask DIA to apply a block in the Australia Document Verification
Service (DVS) system on your behalf. This block will mean that your passport number
cannot be used for digital verification in Australia, but you can still use your passport to
verify your identity in person as required, such as for the purposes of taking out a loan, or a
phone plan.
If you want DIA to apply a block in DVS, email us at: [email address].
Let us know your current passport number, name and contact phone number, including
area and country codes – we’ll call from New Zealand. Put 'Latitude Financial Services' in
the subject line.
Is my passport still valid if I replace it?
If you choose to replace your passport, the previous one will be cancelled once we receive
your application.
Note that a cancelled passport cannot be used for travel or identification purposes.
You will need to wait until a replacement passport has been issued.
Information about passport timeframes is available here:
Passport timeframes
What happens if I replace my New Zealand passport while I am overseas?
We understand that you may be worried that you could be stranded without any valid ID
overseas. If you have upcoming international travel planned, we recommend that you
travel on your current passport.
If you would like to replace your passport, contact DIA to discuss your upcoming travel
plans before cancelling your passport.