This incident is related to Accellion software used by ASIC to transfer files and attachments. It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications.

While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.

Our response

As a precaution, and to protect information and systems, ASIC has disabled access to the affected server. ASIC is working on alternative arrangements for submitting credit application attachments which will be implemented shortly. No other ASIC technology infrastructure has been impacted or breached.

ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.

ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely.

If you have been impacted

ASIC has written to directly impacted parties. If you require additional information, please email contactus@asic.gov.au.