Latitude Financial has reported a "sophisticated and malicious" cyber attack, exposing the data of over 300,000 customers.
The finance company understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licences, were stolen from one service provider. Approximately 225,000 customer records were also stolen from a second service provider.
In a statement to the Australian Stock Exchange, Latitude Financial said investigations are ongoing.
"Latitude Financial has detected unusual activity on its systems over the last few days that appears to be a sophisticated and malicious cyber-attack. The activity is believed to have originated from a major vendor used by Latitude.
"While Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated.
"The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers."
Latitude Financial confirmed it is working with the Australian Cyber Security Centre, law enforcement agencies and cyber security specialists to contain the attack.
"Latitude is continuing to respond to this attack and is doing everything in its power to contain the incident and prevent the theft of further customer data, including isolating and removing access to some customer-facing and internal systems."
Latitude Financial offers loans, credit cards and insurance. It recently signed a 10 year agreement with department store David Jones.