Australia’s Iress Ltd has announced that its financial services software platform, OneVue, has been exposed to a data breach due to a stolen credential from its third-party user space. The credential was used to gain unauthorized access to the OneVue production environment, which contains sensitive client data. The breach was discovered over the weekend, and Iress is currently investigating the extent and nature of the data accessed. The company has reassured clients that the OneVue production environment is isolated to specific business units: MFA, Platform, and OneVue Super.
Praemium, the company that recently acquired OneVue Platform Business (IOPB), confirmed that the breach was confined to the OneVue business. They clarified that no Praemium technology or client data had been compromised. Praemium has stated that, as of now, they have no indication from Iress that OneVue client data has been compromised. This incident underscores the importance of securing third-party user credentials and monitoring access to sensitive production environments.
Iress also mentioned that the stolen credential was within its GitHub user space, but clarified that it does not store any client information on GitHub. The firm is conducting simultaneous investigations across its other business segments to ensure no other data breaches have occurred. This breach highlights the vulnerabilities in third-party integrations and the need for stringent security measures to protect client data.
The company is working closely with cybersecurity experts and authorities to mitigate any potential impacts of the breach. Clients affected by the incident are being informed, and Iress is committed to enhancing its security protocols to prevent future occurrences. This incident serves as a critical reminder for all organizations to continually assess and upgrade their cybersecurity defenses, particularly when relying on third-party platforms.
