Australian digital payments and lending firm Latitude Group Holdings Ltd said on Thursday that a hacker had stolen personal information held by two service providers through employee login credentials.

About 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider, while about 225,000 customer records were stolen from the second service provider.

Latitude said it had detected unusual activity on its systems over the last few days.

“The activity is believed to have originated from a major vendor used by Latitude,” the company said.

Australia has been hit by a slew of cyber attacks since late last year, with the largest being health insurer Medibank Private and Optus, the local unit of Singapore Telecommunications.

Latitude said it is working with the Australian Cyber Security Centre and relevant law enforcement agencies, along with isolating and removing access to some customer-facing systems in order to contain the incident.

• Reporting by Upasana Singh in Bengaluru; Editing by Devika Syamnath and Maju Samuel, of Reuters.