Australian corporate regulator acknowledges cyberattack on its servers in January.
The Australian Securities and Investments Commission (ASIC), the independent commission of the Australian Government has announced it was made aware of a cyber security incident affecting a server used by ASIC, on January 15, 2021.
This incident was related to the Accellion software used by ASIC to transfer files and attachments. It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications.
While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.
“As a precaution, and to protect information and systems, ASIC has disabled access to the affected server,” stated ASIC.
ASIC is working on alternative arrangements for submitting credit application attachments which will be implemented shortly. No other ASIC technology infrastructure has been impacted or breached.
The organisation is also working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.
ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely.
The attack occurred about the same time as an attack on the Reserve Bank of New Zealand, where a breach of a third-party file sharing service used to share information with external stakeholders.