It’s been a bad start to the year for Accellion.
The cyber attack against the third-party file sharing solution threatens three of its high profile clients - Reserve Bank of New Zealand, Westpac and now the Australian Security and Investments Commission (ASIC).
In an official statement, published 10 days after the incident, ASIC revealed that the breach exposed recent Australian credit licence applications.
“It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications.” ASIC said in their statement.
Investigations are ongoing but ASIC already admits the likelihood of application information being compromised.
“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor.”
ASIC has completely isolated the impacted server to prevent further compromise. Credit licence applications will be disrupted until a safe submission alternative is made available.
“ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely.”
Third-party breaches are a big problem. A single breach impacts all of the businesses using the compromised software.
We’ve barely folded over the first month of the year and already three prestigious businesses have been impacted by a compromised vendor. This is only a month after the U.S government disclosed was breached through its third-party vendor SolarWinds.
It seems like cybercriminals have discovered a clearly overlooked attack vector, and have now shifted their focus towards it.