POWERED BY MOMENTUM MEDIA
Iress says cyber breach was limited to small number of clients
In a statement to the ASX, Iress said it has concluded its internal investigation into the unauthorised access of Iress’ user space on GitHub first announced in May.
The breach impacted OneVue’s managed funds administration, platform, and superannuation division.
While at the time, Iress said “there is no evidence that client data has been compromised”, it has now confirmed that some data had been accessed.
“The investigation has found no evidence of unauthorised access to Iress’ production environment, software or client data other than a limited portion of Iress’ OneVue production environment,” Iress said in an ASX listing.
“This environment primarily contained information of a technical nature such as metadata, blank questionnaires and test files.
“Within the test files, Iress also identified a limited amount of personal information relating to 20 individuals who were employees of OneVue and its clients, and had entered their personal information for testing purposes.”
Iress said that each of these individuals has been contacted directly about the incident and provided with “appropriate guidance and support”.
The firm said that it has engaged specialist cyber incident and forensic technology providers to assist in response to the incident.
Iress has again said that it is aware of statements made by the alleged threat actor regarding publishing source code taken from Iress’ GitHub user space, which it had previously said “do not align with the investigations made by Iress to date”.
“Iress confirms that it does not rely on the secrecy of its code as a security measure and has continued to take steps to reinforce security controls to protect its software and systems,” Iress said on Tuesday morning.
“Iress has maintained regular service to clients throughout this incident and thanks its clients for their patience and support as we have worked to resolve this matter.”
GitHub is a third-party code repository platform that manages software code before it goes live in production on a separate platform.
In May, the firm said that “Iress does not store client information on GitHub”.
“Iress restricted access to GitHub immediately upon discovery and commenced a rapid investigation,” it said at the time.
“There is no evidence that client data has been compromised as a result of this issue. There is also no evidence that Iress’ production or client software has been compromised.”
AUTHOR
Keith Ford
Recommended for you
The government’s adjustment to the Future Fund’s mandate could set a dangerous precedent, warns an economist, raising concerns that it may pave the way for problematic future policies in the superannuation industry.
Westpac has delayed its rate cut forecast, aligning with its peer NAB’s outlook on the likely trajectory for the Reserve Bank of Australia’s cash rate.
APRA should release the data it has collected since 2021 on account-based pension investment returns now, says one of the superannuation sector’s peak associations.
Treasurer Jim Chalmers has announced a suite of new reforms as the government doubles down on its focus on strengthening retirement outcomes.
TOP PERFORMING FUNDS
ACS FIXED INT - AUSTRALIA/GLOBAL BOND
Fund name
3y(%)pa
1
Spire Oaktree Opportunities XI Second Close
61.07 3 y p.a(%)
2
Spire Oaktree Opportunities XI First Close USD
59.21 3 y p.a(%)
3
DomaCom Lot 21 Chellaston Road Munno Para West SA 5115 Australia
31.56 3 y p.a(%)
4
Fidante Credit Suisse Global Private Equity
31.06 3 y p.a(%)
5
DomaCom 4/27 Crombie Avenue Bundall QLD 4217 Australia
26.81 3 y p.a(%)
