A joint Australia-New Zealand investigation has been launched after the theft of personal information from consumer finance giant Latitude Group earlier this year.
The Office of the Australian information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) will examine the personal information handling practices of the Latitude companies.
Hackers gained access to the data of about 290,000 customers, including details of employment, income, household expenses, assets and liabilities, BSB and account numbers.
The OAIC investigation will focus on whether Latitude took reasonable steps to protect the personal information entrusted to them.
The investigation will also consider whether Latitude took reasonable steps to destroy or de-identify personal information that was no longer required.
If the investigation finds that Latitude breached one or more Australian Privacy Principles, the group could be ordered to ensure the practices that led to the breach is not repeated, and to "redress" any loss or damage.
Serious privacy breaches, if discovered, could merit a penalty of up to $50 million for each contravention of Australian privacy law.
The OAIC will not comment any further before the investigation is finished.
9News.com.au has contacted Latitude Financial for comment.
Warning over 'true blue' texts from supposed 'mate'
Sign up here to receive our daily newsletters and breaking news alerts, sent straight to your inbox.