A major finance firm has been hit by a serious cyberattack. 

Latitude Financial has reported that it has been the victim of a “sophisticated and malicious cyberattack” that resulted in the theft of approximately 103,000 identification documents and 225,000 customer records. 

The company detected “unusual activity” on its systems and believes that the attack originated from a third-party vendor. 

The attacker apparently gained access to the company's systems by using stolen employee log-in credentials from one vendor to log into two other service providers to steal customer files and ID documents. 

Following the incident, Latitude's shares were placed in a trading halt. The company is working with cyber authorities to investigate the attack and is taking steps to contain the incident and prevent further data theft. 

The company has pledged to contact impacted customers and to provide further updates to the ASX. 

The incident follows similar attacks on Medibank and Commonwealth Bank's Indonesian subsidiary.