Lost income and costs associated with its cyber attack in March will tip Latitude Group into loss for the year to December.
The company reported on Friday that the loss for the six months to June will be between A$95 million and $105 million. It also expects to report a loss for the full year.
On March 16, Latitude reported that it had detected “unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack”.
It said the attacker used employee login credentials to steal information held by two of its service providers. Initially, Latitude reported that around 103,000 identification documents, mostly drivers’ licences, were stolen from one and 225,000 customer records from the other.
In the following days the position worsened, with the company reporting that passport numbers and Medicare numbers were also stolen. Then it reported that close to eight million drivers licence numbers were stolen, as well as more than six million historical customer records dating back to 2005.
A ransom demand was received and rejected.
In Friday’s update, the company said it was able to continue processing transaction during this period but new account originations and collections were closed or severely restricted for around five weeks. Regular commercial operations are now fully restored and no further suspicious activity has been detected.
Latitude lost income and suffered higher credit losses. Delinquencies jumped from below 80 basis points to more than 100 bps.
In addition, the company will make a provision of around $46 million for costs associated with the incident. These include likely remediation costs but not any potential fines, class actions, system upgrades or an assumption for insurance proceeds.
The company expects that at the end of the June half it will have receivables of $6.1 billion to $6.3 billion – down from $6.5 billion at the end of December last year.
It said the board is unlikely to declare a first-half dividend.