Home

ASIC server hit by cyber security breach

Reuters
The server has been disabled and no other tech infrastructure has been breached, ASIC added.
Camera IconThe server has been disabled and no other tech infrastructure has been breached, ASIC added. Credit: TheWest

Australia’s securities regulator has suffered a cyber security breach on a server it used to transfer files including credit licence applications where some information may have been viewed.

The Australian Securities and Investment Commission said it became aware of the incident on January 15, though it does not appear the credit licence forms or attachments were downloaded.

“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” the regulator said in a statement late on Monday.

“ASIC is working on alternative arrangements for submitting credit application attachments which will be implemented shortly.”

Get in front of tomorrow's news for FREE

Journalism for the curious Australian across politics, business, culture and opinion.

READ NOW

The server has been disabled and no other tech infrastructure has been breached, ASIC added.

The incident occurred with the file sharing software provided by California-based Accellion.

“ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident,” the watchdog said.

“ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely.”

The same software was also used by New Zealand’s central bank, which faced a cyber attack earlier this month.

In a statement to The Australian, said Accellion said the breach was related to a 20-year old legacy product, Accellion FTA.

“In mid-December, Accellion was made aware of a P0 vulnerability in its legacy File Transfer Appliance (FTA) software,” a spokesman told the newspaper.

“Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected.

“While Accellion maintains tight security standards for its legacy FTA product, we strongly encourage our customers to update to kiteworks, the modern enterprise content firewall platform, for the highest level of security and confidence.”

Reuters

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails