investor daily logo

Iress reports data breach extends to OneVue

2 minute read

Iress has confirmed that the incident involving the unauthorised access reported this week extends beyond what was initially reported.

In an ASX listing, Iress said it has been investigating unauthorised access to its user space on GitHub, a third-party code repository platform which manages software code.

“In the course of the investigation, it has now been discovered that a credential within Iress’ GitHub user space was stolen and used to gain access to Iress’ OneVue production environment,” the firm said.

While this production environment is isolated to the OneVue businesses – MFA, Platform and OneVue Super – the OneVue “production environment” contains client data.

Iress said it is investigating the “extent and nature of the data accessed”.

“Investigations have substantially progressed across Iress’ other business lines and at this time, we have found no evidence that the remainder of Iress’ production environment, software or client data has otherwise been compromised,” the firm said.

“Iress will continue to keep the market informed as the investigation continues.”

In an ASX announcement on Monday morning, the technology firm said it “detected and contained” an unauthorised accessing of its user space on GitHub on Saturday.

At the time, the firm stressed that “Iress does not store client information on GitHub”.

“There is no evidence that client data has been compromised as a result of this issue. There is also no evidence that Iress’ production or client software has been compromised,” Iress said on Monday.

The circumstances have, however, changed.

In April, Iress said it sold its platform business to Praemium for an initial $1 million in cash consideration and a further payment of up to an additional $20 million over an 18-month period as milestones are met.

At the time, Iress said an 18-month migration process will follow to move OneVue clients to the Praemium platform technology.