Latitude has confirmed that “a sophisticated, well-organised and malicious cyber-attack” is still active, and the company’s investigations are “likely to uncover more stolen information” that previously reported.

In an update to the ASX, Latitude notes that leading external cyber security experts, the Australian Cyber Security Centre, the Australian Federal Police, and other relevant Government agencies are investigating the breach.

“Our people are working around the clock to contain the attackers. We have taken the prudent action of isolating some of our technology platforms which means that we are currently not onboarding new customers.

“Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners.”

“We cannot restore this capability immediately, however we are working to do so gradually over the coming days and ask our customers for their continued patience. Our restoration of these services is aligned to our forensic review.”

Latitude confirmed, as previously disclosed, approximately 330,000 customers and applicants have had their personal information stolen. Approximately 96 per cent of the personal information stolen was copies of drivers’ licences or driver licence numbers; less than 4 per cent was copies of passports or passport numbers; and less than 1% was Medicare numbers.

“As our review deepens to include non-customer originating platforms and historical customer information, we are likely to uncover more stolen information affecting both current and past Latitude customers and applicants,” the update continues.

“We will provide a further update when we have more information to share.”