Australia’s Iress Ltd (IRE.AX) said on Wednesday a stolen credential from its third-party user space was used to gain access to client data in the production environment of the financial services software platform OneVue over the weekend.
“It has now been discovered that a credential within Iress’ GitHub user space was stolen and used to gain access to Iress’ OneVue production environment,” the financial software firm said in an exchange filing.
“The OneVue production environment contains client data and we are investigating the extent and nature of the data accessed.”
OneVue’s production environment is isolated to the platform’s businesses – MFA, Platform and OneVue Super.
Praemium (PPS.AX), which acquired OneVue Platform Business (IOPB) last month, clarified that the breach was only at the OneVue business, and no Praemium technology or client data had been compromised.
“At this time Praemium has no indication from Iress that OneVue client data has been compromised,” Praemium said.
Iress earlier in the week disclosed that the data breach at the user space on GitHub was identified over the weekend, and clarified that it does not store any client information on it.
Simultaneous investigations in Iress’s other business segments are being carried out and no other data breach instances have been identified yet.
Content Courtesy – Reuters