On 15 January the Australian Securities and Investments Commission became aware of a "cyber-security incident" that affected a server that it was using. The glitch exposed sensitive information to unauthorised scriting, as ASIC has only now confessed.
In a press release with the amusing title of "Accellion cyber incident," ASIC does its best to shift the blame for the glitch onto the software company that it had hired to transfer files and attachments from one place to another. Various people seem to have been allowed to gain unauthorised access to a server which contained documents associated with recent applications for credit licences, although ASIC claims that nobody did so as far as it can see. An investigation is in progress.
The regulator has written: "It appears that there is some risk that some limited information may have been viewed by the threat actor."
ASIC is working on new ways by which people can send it credit application attachments and these will be implemented shortly. No other software at ASIC has been affected. It hopes that its IT people can bring systems back online safely.