Identity theft - Latitude & other hacks

Latitude came clean on which data of mine was stolen -


This has useful info on risk & recommended actions per credential stolen -
Latitude Cyber Incident Response (

Seems drivers licence number is the main worry for me. On this, VicRoads won’t change your licence number but is now issuing licences with card number made more visible, and for customers with these newly issued cards, identity checks via DVS (Commonwealth identity check service) require both Driver Licence Number and Card Number to be entered accurately. I noticed on a recent CBA credit card applications that Card Number was required, so it seems CBA use DVS. Maybe everyone does, I don’t know…

For older licences, Card Number is still mandatory when entering details for DVS checks but is ignored, so anyone with an older card whose Driver Licence Number may have been stolen should get it renewed asap. I believe VicRoads did this for all Optus customers who were hacked and they will eventually do the same for Latitude. But I wouldn’t wait for these wheels to turn.

Meanwhile you can apply for a credit ban to stop anyone taking out credit in your name using your driver licence number.

IDCARE Fact Sheet - Credit Bans - Australia

But this only lasts for 21 days, and requires a police report to extend, so should be used with care.

Luckily I needed to get my licence replaced last Nov and have one of the new ones. So I think / hope I will be OK.



Looking at the further info site, it looks like Vicroads will send out a replacement licence automatically to sort this out. So my plan is to sit back and relax.

*please let me know if I got this wrong and my plan sucks

1 Like

I think i will be getting one or two year licenses going forward.

we had issues with medibank private and my superfund database getting hacked

my wife had optus, i used them over ten years ago but they never co tasted me, possibly then too.

The worst part for me was superfund sent out email recently saying how to keep your information secure. …… and they were the ■■■■■■ who didn’t.

Big “I don’t need to do ■■■■, you do” vibes from me for Optus and Medibank.

Yeah, I think you are a bit vulnerable in the meantime, but you could request a credit ban to cover until VicRoads issue your replacement

1 Like

You don’t need to get a police report to extend your credit check ban. Just need to do the 21 days, then apply for 12 months.

You also need to remember to check the box to apply it across all providers. There are three, so if you don’t, it only applies to the one your account is with. Leaving the others accessible still.


Victorians confirmed as impacted will be issued a new licence/permit for free.

Shortly, VicRoads will directly contact impacted customers to confirm their licence details have been flagged on the Victorian Licensing Registry and when they can expect to receive their new card.

The Victorian Government will also activate a two-factor authentication process for essential identity verification checks for affected customers to provide an additional layer of protection. This will require impacted customers to provide both their licence and card number as part of any authentication processes.

This will be a centrally-managed process for impacted Victorians customers. You do not need to do anything, but VicRoads requests that you update your current address if you have recently moved.

1 Like

I’m not disputing what you say, but it seems to differ from the IDCARE advice. Do you have direct experience?


IDcare is useful to a point.

But use the info directly with the credit agencies, a police report is not compulsory. Your explanation of the breach, should be enough.

1 Like

I am concerned I might have been a part of this hack and latitude don’t have my current details to tell me about it.

(its things like drivers licence, DOB which have me most concerned. email has long been leaked somewhere else)

Is there anywhere you can check?

@CalDon I’ve created a new thread for this.
You certainly can request a replacement licence. I did that late last year because some of my details had become unreadable, but I didn’t have to justify it to VicRds at all.


Mine is due for renewal in a few months so I wasn’t looking to just replace the existing card.

Are you saying the newer cards have a licence number AND a card number? Mine must be an older one, there’s no obvious separate card number.

I’m probably inclined to see what the VicRoads process is and try to renew as part of that. And be very vigilant in the meantime.

Yep - my new licence has an obvious card number in addition to licence number. My wife’s older licence does not.

When I applied for a CBA credit card recently, I had to enter both licence and card numbers as part of ID check. For older cards, the recommendation is to enter a dummy card number which will be ignored. So if you have an older card and someone knows the licence number, they can use this approach to fake your identity.

By obvious, have they made the microscopic font larger? Or maybe that is why a dummy number works - it is impossible to accurately read the number even with a magnifying glass.

I have a Latitude 28 Degrees card that I’ve had for years. I have heard not one word from them, and TBH I’m not worrying all that much. If I get notified by VIcRoads that my licence details are suspect and I can get a new one, then I guess I will.

I got the card when it was owned by GE Money, and I liked it. It’s the most recommended card for overseas travel because of the foreign currency benefits. Since Latitude took over they’ve introduced a fee on overseas ATM withdrawals, so I’ve been thinking of replacing it with one that has the same forex terms but also free ATM withdrawals. I barely use cash here any more but overseas you always seem to need it.

1 Like

In exactly the same boat. My partner got a new 28 degrees card last year under latitude. So far neither of us have been contacted that our info is compromised. Weird how so many millions of peoples data was stolen but neither of ours (this far) seem to have been.

Yesterday the bulk email noted if you haven’t been contacted yet that your data was compromised essentially they don’t think it has been compromised (yet)

Wife got the dreaded email and is heading to Motor Reg on Monday to get her new license.
Apparently some data from one of our Frequent flyer programs was compromised as was a Hotel program that we have a ton of points in. Changed the passwords on both but will wait and see if we have to set up new accounts similar to my FFP’s when Medibank hacked us

I’m just wondering whether I applied for my card so long ago (2008 I think) that the data weren’t stored in the same place.

1 Like

I am wondering the same thing, plus have changed address, telephone number and licence type, Will wait to see if VicRoads contacts re getting new licence.

Good news for me is I already have a new Vic License so don’t need to change that again as my Lat stuff was years ago and if I was affected it was the old license.

But just a warning, these are the ones that are known, there is a massive uptick in hacking of Aus companies ongoing and I dare say a number of them haven’t told anyone yet until they have to. I also expect more will start happening.

Seems a lot of Aus companies (or companies working in Aus) got very, very complacent.

1 Like