Exclusive: The array of deeply intimate financial information today confirmed as stolen in the Latitude hack is "as bad as it gets", a cyber privacy expert has declared, leaving 290,000 victims potentially vulnerable to blackmail, extortion and theft.
9news.com.au can confirm hackers gained access to highly private banking, work and personal records that almost 300,000 Latitude customers had entrusted to the firm, including details of employment, income, household expenses, assets and liabilities. Hackers also hoovered up those customers' BSB and account numbers.
The 290,000 people affected are part of the 14 million overall customer records known to have been stolen in the breach.
READ MORE: Ever seen silver tape patched on a plane wing? Here's why you shouldn't panic
Today's revelations depict an alarming level of exposure, privacy expert Dr Brendan Walker-Munro told 9news.com.au.
"In terms of exploitation, this is as bad as it gets," Walker-Munro said.
"This kind of financial detail is on a scale worse than Optus, closer to Medibank.
"With Medibank the danger was criminals using the stolen data to blackmail or harass people with vulnerable or compromising medical conditions.
"Here, they can just go straight for the money."
The full extent of the hack has grown significantly worse since the company revealed the attack in March.
Walker-Munro said the breadth and specificity of information taken from 290,000 customers allowed anyone who holds it to essentially mimic a victim's legal identity to a financial institution.
"A criminal could apply for bank accounts, loans, credit cards – the works."
Although cyber criminals can just falsify things like someone's assets and expenses, having the actual details of a real-life person gives scammers a detailed example of a customer who has already received credit, Walker-Munro explained.
"This means they don't have to try to game the algorithms behind the credit decisions by making up 'believable' numbers."
EXPLAINED: What to do if your data is compromised in a company hack?

Hackers can also potentially use that detail to access accounts already held in the name of that customer, he said, or to try and get more information about the person from a government department.
Almost 8 million drivers licenses are known to have be stolen.
Walker-Munro also warned of the possibility that hackers could use this kind of highly personal information in a direct blackmail or ransom scenario.
A victim could get a phone call from criminals threatening to expose how close they are to bankruptcy, or their level of debt, unless a ransom of Bitcoin was paid.
"You have to remember that, statistically, at least some of the customers in the hacked data were having debts recovered from them by Latitude for overdue payments, contract breaches and other things," he said.
READ MORE: Tobacco giant fined $958m for secret North Korea operation
A Latitude spokesperson confirmed "approximately 290,000 BSB and account numbers provided for personal loan disbursements, as well as income and expense information used to assess loan applications", were compromised in the March cyber-attack.
"No account passwords were stolen," the spokesperson told 9news.com.au.
"Some cancelled or expired credit card numbers provided for debt consolidation were also compromised.
"No card expiry dates or CVC numbers were stolen."
Have you been affected by the Latitude hack? Email ************@******om.au” target=”” >Sign up here to receive our daily newsletters and breaking news alerts, sent straight to your inbox.