Iress confirms code hub breach

Wealthtech developer Iress has confirmed to the ASX that it has, in fact, been the victim of a cyber breach incident following a previous report that it was not impacted.

In its statement to the securities exchange, Iress said it has been investigating unauthorised access to its user space on GitHub, a third-party repository platform which manages and stores software code for developers.

“In the course of the investigation, it has now been discovered that a credential within Iress’ GitHub user space was stolen and used to gain access to Iress’ OneVue production environment,” Iress wrote in its statement.

Iress confirmed that the production environment is isolated to the OneVue businesses alone, which include MFA, Platform and OneVue Super.

However, the OneVue production environment does, the firm said, contain client data – contradicting a previous statement on the matter issued two days earlier.

Iress said that it is currently investigating the extent and nature of the data accessed.

There is, Iress wrote, currently no evidence that the remainder of Iress’ production environment, software or client data has been compromised.

In a previous statement to the ASX issued on Monday, Iress sought to reassure advisers that it had contained the incident, which involved unauthorised access to its code repository hosted on GitHub.

Iress at the time said it does not store client information on GitHub.

It added that it had restricted access to the code-sharing and collaboration service immediately upon discovery and had commenced a “rapid investigation”.

“There is no evidence that client data has been compromised as a result of this issue. There is also no evidence that Iress’ production or client software has been compromised,” the company said at the time.

“Iress has now commenced a process of strengthening access and security protocols out of an abundance of caution.”

“We do not anticipate any disruption to our business or our clients’ ability to use our software and systems.”

The firm added: “Iress is making this announcement in the interests of transparency and keeping all stakeholders informed. The Company takes information security extremely seriously and has notified relevant authorities.”

Earlier this year, Iress agreed to sell its OneVue investment management platform business to fellow wealthtech Praemium. The firms will engage in an 18-month migration process to move OneVue clients to the Praemium platform.

The OneVue client base counts around $4 billion in funds under management.