Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised.When Latitude Financial, which is listed in the Australian Securities Exchange (ASX), first published about the attack it said the activity was believed to have \u201coriginated from a major vendor used\u201d by the company. According to Latitude, the attacker obtained login credentials from an employee using it to \u201csteal personal information that was held by two other services providers\u201d.Latitude provides loans, credit cards and insurance in Australia, New Zealand, Canada and Singapore. Some of its services includes interest free instalments for JB Hi-Fi, The Good Guys and David Jones customers when shopping online.Nothing to see hereDXC is one of the largest IT services providers in the world and back in 2017, when it launched after the merger of CSC and HPE\u2019s services division, it revealed that a majority of its personnel and half of its customers were based in Australia.On 17 March, the company published an unprompted public statement assuring its network was safe. \u201cDXC is liaising with the Australian Cyber Security Centre (ACSC), and we have advised them that our systems are secure and operating as normal,\u201d read the statement.\u201cDXC takes the responsibility of protecting the security of its customers\u2019 systems and data very seriously.\u201dThis announcement sparked suspicion with the AFR Weekend writing it understands DXC to be one of Latitude\u2019s providers.CSO has reached out to DXC Technology Australia for comment.Latitude reveals 14 million customers impacted, not 330,000Ten days after Latitude revealed it had been breached, the company found that data from 14 million people had been accessed, as opposed to the 330,000 it had first believed.The attacker managed to use the stolen employee credential to access customer data stored by both services providers before Latitude was able to isolate the incident.As of 27 March the company knows that 7.9 million Australian and New Zealand driver licence numbers were stolen, of which approximately 3.2 million, or 40%, were provided to the company in the last 10 years. Approximately 53,000 passport numbers were stolen, and less than 100 customers had a monthly financial statement stolen.There were also 6.1 million records dating back to 2005 that were accessed including name, address, telephone, and date of birth.\u201cWe are committed to working closely with impacted customers and applicants to minimise the risk and disruption to them, including reimbursing the cost if they choose to replace their ID document. We are also committed to a full review of what has occurred,\u201d Latitude CSO Ahmed Fahour said in a statement.\u201cWe urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. We will never contact customers requesting their passwords.\u201dLatitude has suggested customers contact Australia\u2019s credit reporting agencies for a credit report to check for any suspicious activity and in New Zealand to check credit records.The financial services provider had initially isolated and removed access to some customer-facing and internal systems.\u201cWe continue to work around the clock to safely restore our operations. We are rectifying platforms impacted in the attack and have implemented additional security monitoring as we return to operations in the coming days,\u201d Fahour said.Investigation and Federal government actionThe incident is under investigation by the Australian Federal Police (AFP) and Latitude has reported the incident to the Australian Cyber Security Centre.The AFP has expanded Operation Guardian to help protect Latitude Services customers. Operation Guardian is a joint initiative with state and territory police\u00a0 and was set up in September 2022 to protect more than 10,000 customers whose personal information was unlawfully released online after the Optus data breach. It was also extended to Medibank Private customers.The AFP also said that there is no evidence to date that the personal details of Latitude Services customers are available or being sold on online or dark web forums.The AFP has recently announced a restructure in response to an increase in cybercrime, appointing Acting Deputy Commissioner, Crime, Grant Nicholls, who will be responsible for developing and managing the AFP\u2019s crime and cyber strategies and related policy issues and\u00a0Assistant Commissioner Scott Lee as the leader of Cyber Command.The Australian Federal government is seeking feedback from a discussion paper in order to put together a new cybersecurity strategy. This includes considering that Australia develops a Cyber Security Act and whether further reform to the\u00a0Security of Critical Infrastructure Act\u00a0is needed.Minister for Home Affairs and Cybersecurity Clare O\u2019Neil said in a statement, \u201cWhile we will never reduce this risk of these attacks to zero, how we respond and become more resilient as a nation is now more important than ever.\u201d\u201cThis government is working to ensure that in future digital identities are hard to steal and, if compromised, easy to restore,\u201d she said.