A financial services giant has been fined millions of dollars for a repeated breach of spam laws, including promoting credit cards without giving recipients a way to opt out.
Latitude Financial was forced to pay $3.96 million after the Australian Communications and Media Authority found it had broken the laws more than 2.7 million times, the regulator revealed on Wednesday.
The company sent more than 2.3 million spam messages between March 2024 and April 2025 which failed to include accurate contact information for the company as required by law.
Of those messages, 344,416 also lacked a working unsubscribe function.
Latitude - the largest non-bank consumer finance company in Australia - was forced to pay a $1.5 million fine for similar breaches in 2022.
Authority member Samantha Yorke said there was no excuse for Latitude's repeated compliance failures, as reflected by the scale of the latest fine.
"Latitude is now a two-time offender and it is disappointing that it let consumers down again," she said.
The messages, which promoted Latitude credit card products and financial services, told recipients they could reply "STOP" to unsubscribe. However, in many circumstances the function simply did not work.
Under Australian law consumers must have the option to unsubscribe from commercial messages which must also provide accurate contact information for the sender.
Latitude is now legally required to appoint an independent consultant to review its compliance with the spam laws and undertake regular and comprehensive reporting to the communications authority.
"Given Latitude's history of non-compliance, we will be very closely monitoring how it meets its obligations," Ms Yorke said.
In a statement to the ASX, Latitude acknowledged the fine and said it would work with an independent expert to ensure it complied with regulations.
"Upon becoming aware that it had sent potentially non-compliant SMSs, Latitude reported the matter to the ACMA and immediately strengthened its spam compliance processes," the statement said.
In March 2023, Latitude was the target of a major cyber attack in which the data of 7.9 million customers was stolen, including names, addresses, telephone numbers, dates of birth and driver's licence numbers.
Income and expense information for around 900,000 loan applications, including bank and credit card account details were also stolen.
A $1 million lawsuit brought against the company by an individual who claimed their information had reached the dark web following the breach was dismissed after a judge found it had little chance of succeeding.
