Latitude Financial has been penalized nearly $4 million for violating Australia’s spam regulations, having sent out millions of marketing communications that lacked proper contact details.

The financial service provider, which specializes in credit cards and loans, previously faced a $1.5 million penalty in 2022 for similar infractions.

As part of the recent ruling, Latitude is mandated to enlist an independent consultant to evaluate its adherence to spam laws and to provide regular updates to the communications authority.

The Australian Communications and Media Authority (ACMA) imposed a fine of $3.96 million on Latitude Financial due to extensive breaches of spam regulations, with the company found to have infringed the laws over 2.7 million times. This information was disclosed by the regulator on Wednesday.

Between March 2024 and April 2025, Latitude distributed over 2.3 million spam messages that did not include the necessary and accurate contact information mandated by law. Furthermore, nearly 345,000 of these messages failed to offer a functional unsubscribe option.

Samantha Yorke, a member of the authority, expressed disappointment over Latitude’s ongoing compliance issues, emphasizing that the company is now a repeat offender. “It is regrettable that Latitude has once again let consumers down,” Ms. Yorke remarked. “Spam regulations have been established for more than two decades, and there is absolutely no justification for continued non-compliance, especially following previous enforcement actions.”

The promotional messages, which advertised Latitude’s credit card offerings and financial services, instructed recipients to reply with “STOP” to unsubscribe. However, in many cases, this option was ineffective.

According to Australian law, consumers must be provided with a method to opt-out of commercial communications, which must also contain accurate sender information.

In light of its history of non-compliance, Latitude is now under close scrutiny to ensure it fulfills its obligations, as indicated by Ms. Yorke.

In a related context, Latitude was previously affected by a significant cyberattack that compromised the personal data of 7.9 million customers, including sensitive information such as names, addresses, phone numbers, dates of birth, and driver’s license numbers. Additionally, data regarding income and expenses related to approximately 900,000 loan applications, including banking and credit card information, was also stolen.

A lawsuit seeking $1 million, filed by an individual who alleged that their data was leaked onto the dark web following this breach, was dismissed by a judge who deemed it unlikely to succeed.

Prior to the public announcement of the penalty, Latitude chose not to provide any comments regarding the situation.