Australia’s Latitude Group and IPH Hit by Cyber Attacks, Continuing Wave of Hacks

Digital payments firm Latitude Group Holdings and intellectual property services provider IPH Ltd. reported data breaches on Thursday, joining a host of other Australian firms targeted by hackers in recent months.

Some of Australia’s largest companies have reported data breaches since September last year, including Optus, owned by Singapore Telecommunications Ltd., and health insurer Medibank Private Ltd.

Latitude said personal information, including copies of drivers’ licenses and customer records, of around 328,000 customers held by two service providers were stolen.

IPH detected unauthorized access to document management systems, which handle administrative documents, and some client documents and correspondence, at its head office and two member firms.

After the massive cyber attack on Medibank in November, Australian authorities tabled a new cyber-policing model in a re-energized push to nab cyber crime syndicates that had recently affected millions of Australians.

The effort included a partnership between the federal police and a government agency that intercepts electronic communication from foreign countries to police such criminal activity.

Technology experts say hackers have targeted Australia just as a skills shortage has left companies understaffed and an already overworked cyber security workforce ill-equipped to stop attacks.

Although the material impact of these attacks on the companies is often short-lived and mitigated partly by insurance, they pose potential long-term risks to companies’ reputation.

“We simply leave things to insurance companies, and awareness campaigns for many smaller sectors,” said Alana Maurushat, professor of cybersecurity at Western Sydney University.

“Our boards of directors have little cyber-security training around risk. We don’t have any cyber-security training requirements for decision makers.”

Data compiled by the government agency Australian Cyber Security Centre (ACSC) showed 76,000 cyber incidents were reported in the 2022 financial year, a 13% increase from the year before.

ACSC was unavailable to comment on the Latitude and IPH incidents.

(Reporting by Upasana Singh and Rishav Chatterjee, Mehr Bedi and Himanshi Akhand in Bengaluru; editing by Devika Syamnath, Maju Samuel and Rashmi Aich)