Seems finger is being pointed at DXC for a serious financial services security breach at Latitude
https://www.afr.com/technology/revealed-how-hackers-used-a-tech-giant-to-get-inside-latitude-financial-20230323-p5cukr
Now where is that magical Platform-X when you need it?
12 replies (most recent on top)
This is the sort of thing that CEOs resign over. If it’s pointed back at DXC., tens of millions damages. Or it could be hackers were already inside the system and then obtained a DXC login somehow by spoofing the credential systems. It’s interesting what the attack vector is.
Australian Financial Review (AFR) is like the Wall Street Journal or UK Financial Times and is a very credible news source. Latitude is the old GE Capital Consumer Finance account purchased in Australia by KKR a few years back.
Press are reporting today that the data stolen includes customer details over the last 10 years, affecting about 14m people in Aus and NZ. Data lost includes a lot of identity info for 7.9m people including 3.2m drivers licences and 53,000 passport details.
I’m not surprised something like this would happen on DXC watch. DXC Aus is just a sales office, they’ll write anything in contracts just to get a deal and then beat the delivery staff to cut costs when the deal doesn’t make money. Most good security experts left for much better pay and many accounts are now run by offshore security teams. Local clients have a lot of ex DXC/CSC employees who are now asking DXC some difficult and awkward questions.
This is a big deal and the Australian Federal Police are involved. If this is the fault of lax DXC management, there is nowhere for them to hide. I’m sure they’ll find some low-level grunt to blame because we all know it couldn’t possibly be the greed of the Executive and Sales teams, could it.
background to original data breach story is here (not behind a paywall)
https://www.itnews.com.au/news/latitude-financial-breach-impacts-225000-customers-592152
To summarise the article for those that cannot circumvent the paywall - Australian financial services organisation (Latitude) suffered a significant data breach and hundreds of thousands of clients financial details and driving licences and other ID documents like passport details have been exposed
They are claiming they have traced the breach to a DXC employee account who had admin level access to their environment (DXC is a service provider to Latitude). So Latitude via the press (Australian Financial Review is regarded as a senior news organisation akin to UK Financial Times) seems to be throwing DXC under the bus.
DXC are denying all of this - so its possible it will end up in a public court case as Latitude sues DXC for damages to mitigate the punishment it will receive from the Australian financial regulators for "allowing" this to happen
High stakes all around here
Can you explain the method used to get round the paywall?
To get around the paywall:
https://12ft.io/proxy?q=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Frevealed-how-hackers-used-a-tech-giant-to-get-inside-latitude-financial-20230323-p5cukr
If it was attributable to DXC in some way this is what happens when you get rid of the more expensive experienced staff to replace them with cheap location and college hires! Sadly was only a matter of time.
@uuo+1lNquSPr - Thank you very much.
@fzu+1lNquSPr Look up on web archives - https://archive.is/brbWi
article is behind a pay wall, any summary?
https://dxc.com/au/en/about-us/newsroom/press-releases/03172023
Actually Platform-exit caught the hacker red-handed.