Corporate watchdog ASIC hit with cyber attack – Sydney Morning Herald

About 130 entities seeking a credit licence were impacted by the ASIC breach, including new applicants and existing financial institutions looking to modify their licence.

In the ASIC breach, hackers accessed the that contains documents for recent Australian credit licence applications and their attachments. Those attachments would usually include detailed financial and other confidential documents from applicants.

“While the investigation is ongoing, it appears that there is some that some limited information may have been viewed by the actor,” ASIC said.

“At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.”

Sources who were not authorised to comment on the record said the ASIC hackers most likely could only see the name of the applicants that had made applications during the hack period and the title of the attachments but not the content. There are fears the hackers could present screenshots of the information they’ve stolen and demand ransom payments from groups caught in the ASIC sting.

It’s another headache for the corporate watchdog which is still without a permanent chairman following James Shipton’s decision to stand aside during Treasury’s investigation into his tax advice payment.

Australian Signals Directorate’s Australian Cyber Security Centre said last week it had been working with security partners to assist Australian corporations affected by the Accellion since January 12. It urged affected corporations to conduct an audit of its file transfer appliance accounts and to upgrade from the vulnerable legacy product to one of Accellion’s currently supported products.

Accellion said in a statement earlier this month it had fixed the issue it first detected in December 2019 and estimated about 50 of its clients were affected

Robert​ Ishak, a cyber security expert and principal at William Roberts Lawyers, said the Accellion was another example of how Australia was lagging other countries in assessing and preventing cyber attacks.

“Corporate Australia has a lot more to do to protect itself. It’s like we’ve been sleeping in the house and leaving our doors unlocked,” he said.

“In my view it would be a breach of their directors’ duties if directors are not considering cyber risk on a regular basis. It’s not a one-off tick-a-box approach.”

Business Briefing

Start the day with major stories, exclusive coverage and expert opinion from our leading business journalists delivered to your inbox. Sign up for the Herald‘s here and The Age’s here.

Most Viewed in Business



Leave a Reply