Share this article on:
The hackers reportedly stole credentials from the GitHub repository and used them to access the firm’s OneVue.
Financial services software firm Iress has confirmed that an incident involving the unauthorised access reported this week extends beyond what was initially reported.
In an ASX listing, Iress said it has been investigating unauthorised access to its user space on GitHub, a third-party code repository platform that manages software code.
While Iress initially reported that there was no evidence customer data had been compromised in the incident, further investigation has revealed that the threat actors gained access to the firm’s OneVue using credentials stolen from GitHub, meaning data may have been accessed.
“In the course of the investigation, it has now been discovered that a credential within Iress’ GitHub user space was stolen and used to gain access to Iress’ OneVue production environment,” the firm said.
While this production environment is isolated to the OneVue businesses – MFA, Platform and OneVue Super – the OneVue “production environment” contains client data.
Iress said it is investigating the “extent and nature of the data accessed”.
“Investigations have substantially progressed across Iress’ other business lines, and at this time, we have found no evidence that the remainder of Iress’ production environment, software or client data has otherwise been compromised,” the firm said.
“Iress will continue to keep the market informed as the investigation continues.”
In an ASX announcement on Monday (13 May) morning, the technology firm said it “detected and contained” an unauthorised access to its user space on GitHub on Saturday (11 May).
GitHub is a third-party code repository platform that manages software code before it goes live in production on a separate platform.
At the time, the firm stressed that “Iress does not store client information on GitHub”.
“There is no evidence that client data has been compromised as a result of this issue. There is also no evidence that Iress’ production or client software has been compromised,” Iress said on Monday.
The circumstances have, however, now changed.
In April, Iress said it sold its platform business to Praemium for an initial $1 million in cash consideration and a further payment of up to an additional $20 million over an 18-month period as milestones are met.
At the time, Iress said an 18-month migration process would follow to move OneVue clients to the Praemium platform technology.
At this stage, a threat actor has not been identified, and based on initial investigations conducted by Cyber Daily, no data belonging to Iress or its customers has been listed online.
Cyber Daily also reached out to Iress seeking additional information but understandably was told the firm was unable to comment as investigations are still ongoing.
In light of the incident, Iress has “now commenced a process of strengthening access and security protocols out of an abundance of caution”.
“We do not anticipate any disruption to our business or our clients’ ability to use our software and systems,” it said.
This story was originally published by Cyber Daily’s sister brand, ifa, but contains some additional details added by Cyber Daily.