Iress hack investigation finds 20 OneVue files breachedBY JAMIE WILLIAMSON | TUESDAY, 2 JUL 2024 12:49PMAn internal investigation into the recent breach of Iress' GitHub user space found no evidence any of its client data was compromised, however 20 OneVue employees and clients weren't so lucky. On May 11, Iress' private user space on third-party platform GitHub, which managed software code before it goes live elsewhere, was accessed. In an update today, Iress said it's concluded its investigation into the incident, which occurred on May 13, and did not find any evidence that the Iress production environment, software or client data held on GitHub was accessed. However, it was confirmed shortly after the breach that a limited portion of the OneVue platform's production environment was accessed. Following investigation, Iress has now confirmed a limited amount of personal information relating to 20 OneVue employees and clients was accessed. This is because the part of the OneVue production environment that was accessed housed "information of a technical nature such as metadata, blank questionnaires and test files." The personal data was within those test files. "Each of these individuals has been contacted directly about the incident and provided with appropriate guidance and support," Iress said. Source code held in the Iress GitHub user space was also accessed and Iress said it is aware those responsible for the breach have threatened to publish the code. "Iress confirms that it does not rely on the secrecy of its code as a security measure and has continued to take steps to reinforce security controls to protect its software and systems," it said. Previously, Iress said that other statements made by the party responsible "do not align with the investigations made by Iress." The company has also engaged specialist cyber incident and forensic technology providers to assist in responding to the incident. "Iress has maintained regular service to clients throughout this incident and thanks its clients for their patience and support as we have worked to resolve this matter," Iress said. "Iress will keep the market informed if there are any further significant developments." At the time of the breach, about 1.5 million developers used the platform in Australia, with about 83,000 companies on its books. Related News |
Editor's Choice
AMP MySuper options power past double-digit returns
|APRA heightens expectations around trustees' spending
|Colonial First State reports strong super returns
|TelstraSuper produces 9.6% MySuper return
|Products
Expert Feed
Industry Events
Featured Profile
![Shail Singh Shail Singh](https://media.financialstandard.com.au/prod/media/library/Contacts/yqmjchgb-0002_featured_profile.png)
Shail Singh
AUSTRALIAN FINANCIAL COMPLAINTS AUTHORITY