Latitude Financial Data Breach Proves Privacy Must Take Priority

Electronic Frontiers Australia says the Latitude Financial data breach proves the government is too meek in its approach to privacy.

Now affecting nearly 8 million people, this breach joins the Optus breach in September 2022 and the Medibank breach in October 2022 to become the third breach of millions of people’s data in just six months. Every data breach is harmful, and it’s clear that the current approach isn’t working.

“Enough is enough,” said Justin Warren, Chair of EFA. “There is now no credible reason to deny Australians the privacy protections we’ve been demanding for years. These businesses have had decades to figure out how to keep our data safe and they have comprehensively failed. There must now be consequences.”

While the changes to the Privacy Act that have been proposed are encouraging, they do not go nearly far enough. EFA demands that the government take up all of its recommendations for changing the Privacy Act to ensure that the privacy rights of Australians are prioritised over the narrow and self-serving interests of businesses.

“Those organisations that have put in the work are at a massive disadvantage when companies like Latitude are allowed to make mistakes on this scale. Unless the market incentives are changed, we will continue to see data breaches like this. Australians are fed up.”

People are now at constant risk of identity fraud—and worse—because organisations collect too much information, keep it too long, and store it insecurely. It’s clear that existing privacy protections are ineffective and must be changed. Organisations have had more than enough time to take action on their own, and have chosen not to. They must now be forced to change their ways.

“Governments also need to have a good, hard look at themselves for their contribution to this mess. They keep putting us in danger with their never-ending surveillance laws because they care more about the paranoid rantings of law enforcement than they do about ordinary people,” he said.

Data that isn’t collected can’t be lost. Instead of making the problem worse, governments need to change their thinking and stop trying to do more of the same things that have failed dozens of times already.

“We don’t need more advice to be vigilant,” says Warren, “We need the power to take action against companies that fail us like this. If you won’t do your job, get out of the way and we’ll sort this out ourselves.”

Media Contact

For media enquiries relating to this story, please contact

Skip to content