Iress completes investigation into cyber breach


2 July 2024
By Laura Dew

Iress has completed its internal investigation following a cyber incident earlier this year.

The firm suffered a cyber breach on 11 May which affected the OneVue production environment containing client data after a credential within the user space was stolen.

The breach affected the OneVue managed funds administration, platform and superannuation division.

At the time, the firm said it was carrying out an internal investigation and would update the market once this had been completed.

Making a statement to the ASX on 2 July, the technology firm said it has now completed the internal investigation into the breach. 

“The investigation has found no evidence of unauthorised access to Iress’ production environment, software or client data other than a limited portion of Iress’ OneVue production environment. This environment primarily contained information of a technical nature such as metadata, blank questionnaires and test files. 

“Within the test files, Iress also identified a limited amount of personal information relating to 20 individuals who were employees of OneVue and its clients, and had entered their personal information for testing purposes. 

“Each of these individuals has been contacted directly about the incident and provided with appropriate guidance and support. Iress has also engaged specialist cyber incident and forensic technology providers to assist in response to the incident.”

It also shed light on statements made by an alleged threat actor regarding publishing source code taken from Iress’ GitHub user space. 

“Iress confirms that it does not rely on the secrecy of its code as a security measure and has continued to take steps to reinforce security controls to protect its software and systems.”

Iress completed the sale of its OneVue platform business to Praemium earlier this year, with the migration to Praemium technology expected to take 18 months. The sale was for an initial $1 million in cash consideration and a further payment of up to an additional $20 million over an 18-month period as milestones are met.

In its own statement regarding the investigation, Praemium said: “The investigation has not identified any adverse impact on the Iress OneVue Platform Business (IOPB) acquired by Praemium on 15 April 2024. This incident was first announced by Iress on 13 May 2024. On 15 May 2024, Praemium was informed that this incident may impact IOPB.

“The investigation was supported by specialist cyber incident and forensic technology providers. Praemium is grateful for Iress’ cooperation during the period from observing the incident to its conclusion today.”

Last month, Money Management wrote about how ASX-listed businesses, including Iress, are required to report cyber security incidents to the market. These cover the four R’s of readiness, response, recovery, and remediation.

Failure to promptly notify the market of a data breach is a breach of ASX listing rules and could carry serious legal consequences for contravening the Corporations Act.



Submitted by TJ on Tue, 2024-07-02 12:48

TEST - working?

Submitted by Tim Johnson on Tue, 2024-07-02 12:49

