If you think the personal details you provide during everyday transactions are safe and secure, you need to read this.

In early March this year, Australia suffered its largest ever data breach when a company that virtually nobody had heard of fell victim to a major hack. Prior to the hack, Latitude Financial Services was a relatively unknown company but hit the news big time when the personal details of more than 8 million Australians were stolen by hackers. However, it isn’t just the huge number of victims that has raised alarms but also the sheer scope of personal information involved, including names, addresses, phone numbers, dates of birth, passport numbers, driver’s license numbers, and financial records. Certainly more than enough for identity theft.

My Involvement With Latitude

I have never in my life had an account with Latitude nor have I ever done business with the company. So, imagine my surprise when I received a letter from Latitude advising me that “some of my personal details have been compromised”. How could Latitude possibly have any personal details about me in its database when I have never done any business with the company? That was the burning question.

The letter I received included a help telephone number for those who have been impacted and after several attempts involving many hours waiting on the phone, I finally got through to one of Latitude’s support staff and asked that very question. I was shocked by the reply. Apparently, Latitude is associated in some way with just about every major retailer in Australia so, when you purchase any item from any of these retailers, the retailer then passes on all your personal details to Latitude.

For what exact purpose, I have no idea. I can only surmise that Latitude sells that information on to advertising agencies and the like while the participating retailers receive some kind of kickback. Naturally, I was absolutely outraged to learn that these retailers are passing on customers’ personal details to a third party without any sort of consent or approval, or even mentioning it, and it got me wondering just how widespread this unethical practice might be.

The Latitude breach and the company itself are currently under investigation by Australian authorities. As I understand the situation, the investigation is primarily concentrating on Latitude’s security practices/measures, or lack thereof, but I sincerely hope this outrageous practice of passing on personal details to third parties without any sort of authorization also comes well and truly under the microscope because that must surely constitute a most serious violation of privacy.

So, there you have it. You’re sitting at home thinking that, because you’ve always followed safe/best practices, your personal information is safe and secure, and then along comes the startling revelation that no matter how judicious you are, your personal information is never truly safe.

—