March 27 (UPI) -- Hackers have stolen the personal information of millions of people in Australia and New Zealand, consumer finance firm Latitude Financial said Monday, as it announced the extent of the damage caused by a cyberattack first detected earlier this month.
Latitude Financial, which providers services to major Australian retailers, announced March 16 it had observed unusual activity on its systems that appeared to be "a sophisticated and malicious cyberattack" involving the theft of identification documents.
On Monday, it said the theft involved the driver license numbers of some 7.9 million people in Australia and New Zealand and 53,000 passport numbers as well as another 6.1 million records dating back to at least 2005 that include personal information, such as names, addresses, telephone numbers and dates of birth, among other data.
"We recognize that today's announcement will be a distressing development for many of our customers and we apologize unreservedly," the company said in a statement. "We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation."
Of the driver license numbers stolen, 40% had been provided to the company within the last decade, while 94% of the stolen personal records were from before 2013.
Latitude has said that it believes the cyberattack originated from a major vendor and involved the use of an employee's login credentials to steal personal information that was held by two other service providers.
Since it announced the attack earlier this month, there has been no suspicious activity observed in its systems, Latitude said.
"We continue to work around the clock to safely restore our operations," Latitude CEO Ahmed Fahour said Monday. "We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days."
The attack is the latest to successfully target Australian entities after telecommunications giant Optus was hit with a data breach in September and Medibank was victimized last month.
Australia's Minister for Cyber Security Clare O'Neil said Monday's announcement by Latitude was "deeply concerning" to Canberra.
"Australian companies, governments and organizations need to do more to prevent cyberattacks," she said in a statement.
When Prime Minister Anthony Albanese and his government was elected to helm the country last year, the nation's cybersecurity lagged behind by five years, she said.
"There is a huge amount of work underway to help Australia catch up, and prepare for the future," she said. "We can't reduce cyber risk to zero, we can help protect Australians better by building stronger defense, and punching back where necessary."
Some 330,000 people affected by the breach have already been contacted, Latitude Financial said.