“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor.
“At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.”
ASIC has been forced to shut down its online application system while it investigates the breach. It is working on establishing alternative arrangements.
It’s another headache for the corporate watchdog which is still without a permanent chairman following James Shipton’s decision to stand aside during Treasury’s investigation into his tax advice payment. The watchdog has also been criticised by the Treasurer over its pursuit of Westpac over alleged breaches of responsible lending laws.
ASIC said it has contacted “impacted parties” to respond to and manage the incident. It is unclear how many applications were accessed.
Australian Signals Directorate’s Australian Cyber Security Centre noted its concerns about Accellion breach a week ago. It said since January 12 it had been working with security partners to assist Australian corporations affected by the Accellion vulnerability.
It urged affected corporation to conduct an audit of its file transfer appliance accounts and to upgrade from the vulnerable legacy product to one of Accellion’s currently supported products.