Australian Regulator Data Breach, 27 January 2021

ASIC reports server breached via Accellion vulnerability

File Transfer Applications were downloaded illegally during the breach

Company Statement: Accellion cyber incident
Source: ASIC reports server breached via Accellion vulnerability | ZDNet
More reports from: ZDNet.

Australia’s securities regulator said on Monday there was a cyber security breach at a server it used to transfer files including credit licence applications where some information may have been viewed.

“This incident is related to Accellion software used by ASIC to transfer files and attachments,” the corporate regulator said in a notice posted on the evening before a public holiday.

“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” the regulator said in a statement late on Monday.

“Based on the results of our investigation and analysis to date we have been able to tell stakeholders which of their files on the File Transfer Application were downloaded illegally during the breach,” he said.

The server has been disabled and no other tech infrastructure has been breached, ASIC added.