The Australian Securities and Investment Commission (ASIC) has confirmed it had a cyber security incident affecting Accellion software, a server it used to transfer files, including private information from recent credit license applications.
The regulator said it became aware of the breach on January 15, adding that the cyber attacker did not seem to download the credit license forms or attachments but might still have viewed some limited information. As a result, it disabled access to the affected server.
ASIC offered assurances that it is working on alternative arrangements for submitting credit application attachments, which will be implemented shortly.
It added: “ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.
“ASIC's IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely.”
No other ASIC technology infrastructure has been impacted or breached, says ASIC.