Latitude Financial has said 7.9 million driver's licences plus other personal information were breached in its recent cyber attack.
In an update [pdf] to the Australian Securities Exchange, the consumer credit company said around 3.2 million of those licences were provided in the last 10 years.
The licences are from both Australia and New Zealand.
Around 6.1 million further records were breached, provided before 2013 and dating back to 2005.
These included some - but not all of - names, addresses, telephone numbers, and dates of birth.
The breach also affected 53,000 passport numbers, and financial statements affecting fewer than 100 customers.
“We will reimburse customers who choose to replace their stolen ID document," Latitude’s statement said.
The breach began when staff logins were used to access two third-party services providers.
When the breach was first discovered, Latitude believed it affected around 225,000 customers.
However, last week the company warned that “large scale information theft” had taken place.
The company believes it has plugged the breach, saying that "to the best of our knowledge, no suspicious activity has been observed in Latitude’s systems since Thursday 16 March 2023.”
