Latitude Financial shares have dropped to a seven-week low after the consumer lender detailed the extent to which its operations and earnings had been hurt by a March cyber attack.
Latitude said on Friday it had stopped processing new accounts and collections for five weeks following the hack, a business disruption it expects will cost it $7 million.
The company said it had set aside $46m related to the massive data theft, mostly for customer remediation costs, a figure that does not include the potential for regulatory fines, class actions or future system enhancements.
Latitude said the hacker used privileged credentials from a third-party vendor to access its systems and steal the data of 7.9 million customers, past customers and applicants.
The hacker stole driver's licence numbers; personal details such as names, addresses, telephone numbers and dates of birth; and income and expense information for 900,000 loan applications, including bank and credit card account details.
But the stolen accounts did not include bank passwords or credit card expiry dates or card verification codes (CVCs).
Latitude is the largest non-bank consumer finance company in Australia, offering unsecured personal loans, car loans and credit cards both domestically and in New Zealand.
Latitude said it still expects to make a cash profit of around $5m to $10m for the six months to June 30 and a full-year cash profit of between $15m to $25m.
Including the funds set aside, however, Latitude is forecasting it would declare a first-half statutory loss of $95m to $105m, and is unlikely to declare a dividend for the six months to June 30.
Latitude said the attack was still under investigation by the Australian Federal Police and it was co-operating with both Australian and New Zealand authorities.
At 1.38pm AEST, Latitude shares were down 5.4 per cent to $1.225.