Allens, a prestigious Australian law firm, has had its third-party vendor compromised in a cyber attack. The breach may expose highly sensitive information related to one of the firm’s biggest clients, Westpac.
A little over 2 weeks ago, third-party file sharing provider was breached, threatening the security of all of its clientele, including two other prestigious clients - the Royal Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).
The ripple effects of this breach are still spreading with more and more businesses discovering that they have been impacted.
Allens defended Westpac against the accusations of financial crimes regulator AUSTRAC. The lawsuit resulted in the largest fine in Australian history, settling at $1.3 billion.
This breach may have exposed the confidential documents associated with this anti-money laundering lawsuit.
A Westpac source told the Australian Financial Review that the bank was confident that none of its customer data had been breached, but this is merely a conjecture.
The true impact of the breach will only be revealed when investigation findings are published.
The Australian Cyber Security Centre (ACSC) published an announcement to warn businesses about Accellion’s vulnerability.
“The ACSC has been working with cyber security partners to assist Australian organisations in relation to a SQL injection vulnerability in the Accellion File Transfer Appliance (FTA). If exploited, this vulnerability may provide an attacker with access to content stored on and accessible by the FTA instance” ACSC said.
The compromised FTA software is a 20 year old legacy product by Accellion and ASIC recommend that businesses “migrate to currently supported products.”
In the world of tech, It isn’t the oldest products that support a positive reputation, but the most up-to-date..
The difficulty lies in identifying security vulnerabilities beneath the distracting shiny surface of industry experience.