Latitude Group says that 7.9 million Australian and New Zealand driver licence numbers were stolen from its systems in the hack detected about a fortnight ago.
In addition, 53,000 passport numbers were stolen and fewer than 100 customers had a monthly financial statement stolen, the consumer finance company told the ASX on Monday.
Of the driver license data, Latitude said that 3.2 million numbers, or 40 per cent, were provided to the company in the last 10 years and the rest were older.
There were another 6.1 million records dating back to at least 2005 that were stolen, including names, addresses, telephone numbers and dates of birth.
"We recognise that today's announcement will be a distressing development for many of our customers and we apologise unreservedly," the company said.
"We are writing to all customers, past customers and applicants whose information was compromised outlining details of the information stolen and our plans for remediation."
Latitude will reimburse customers if they choose to replace their identity document, the company said.
Latitude disclosed on March 16 that a few days earlier it had detected a "sophisticated and malicious cyber-attack" on its systems, but at the time thought it involved hundreds of thousands of customer records, not millions.
""It is hugely disappointing that such a significant number of additional customers and applicants have been affected by this incident," CEO Ahmed Fahour, pledging a full review into what occurred.
The Australian Federal Police is investigating and the company is working with the Australian Cyber Security Centre and outside advisers.