Latitude Financial is forecasting a first-half statutory loss of between $95 million and $105 million after a cyber attack “closed or severely restricted” its ability to earn income for five weeks.
The anticipated financial hit from the cyber attack and ensuing large-scale data breach, which occurred back in mid-March, covers its inability to collect payments or accept new sign-ups for five weeks, as well as a “provision” for remediation costs.
The company provides credit cards as well as personal loans via retailers.
In an ASX filing [pdf], Latitude said that “new account originations and collections were closed or severely restricted for a period of approximately five weeks”, meaning it had lost income for the period, although it added that “regular commercial operations are now fully restored”.
The company is setting aside approximately $53 million after tax in the first half “for costs associated with the cyber incident”.
It suggested that this included about $7 million in costs already incurred, and an additional $46 million after tax for other remediation costs.
The provision, however, did not cover “the potential for regulatory fines, class actions, future system enhancements or an assumption of insurance proceeds,” Latitude Financial said, meaning the total cost of the incident is still unknown.
The company forecast statutory losses for both the half-year and full-year, and said it was “unlikely” to declare a dividend for the six months to June 30.
The attack led to the breach of some 14 million records containing personally-identifiable information. Latitude said it is continuing to support impacted customers, both current and former.
The company said the incident remained under federal police investigation.
It said it is also cooperating with a joint privacy investigation by Australian and New Zealand authorities, and warned that “extensive further enquiries from regulators are expected over the coming months.”
The company’s share price was down 6.56 percent at the time of publication.