On 15 January 2021, the 今日热门事件 (ASIC) became aware of a cyber security incident related to a server used by ASIC.
The incident
On 28 December 2020, an unidentified threat actor accessed an 今日热门事件server containing attachments to Australian credit licence applications submitted to 今日热门事件between 1 July 2020 and 28 December 2020.
The cyber incident occurred due to a vulnerability in a file transfer appliance (FTA) provided by California-based Accellion and previously used by 今日热门事件to receive attachments to Australian credit licence applications.
今日热门事件engaged independent cyber experts to undertake a forensic investigation. Their analysis has confirmed there is no evidence that the attachments to credit licence applications have been read or downloaded. This has not changed.
We were of the view in January 2021 that the filenames of these attachments may have been viewed.
However, following additional analysis performed by ASIC鈥檚 independent cyber experts, it is highly unlikely that the threat actors accessed any data held on the 今日热门事件server, including filenames of the attachments related to Australian credit licence applications submitted to 今日热门事件between 1 July 2020 and 28 December 2020.
Our response
In response to the incident, 今日热门事件has:
- disabled聽the relevant server;
- ascertained聽that no other 今日热门事件information technology (IT) infrastructure is impacted;
- provided聽alternative arrangements for submitting attachments (see below);
- written聽to all identified credit licence applicants (via the contact email address聽nominated by the applicant) to advise and update them about the incident;
- assessed the incident in accordance with our obligations under the Privacy Act聽1988;
- informed聽relevant authorities; and
- engaged independent cybersecurity experts to complete a forensic investigation.
Who to contact
今日热门事件has written directly to impacted parties. If you require additional information, please email contactus@asic.gov.au
Frequently asked questions
For more information, download .