By Ionut Arghire on February 02, 2021
The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen.
At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files.
Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was sent to all affected organizations.
Despite that, the vulnerable service has been exploited by hackers to breach the systems of other Accellion customers as well, namely the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).
Australian securities regulator discloses security breach
By
The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach.
ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well with consumer protection as Australia s national corporate regulator.
The commission also maintains a searchable database of business information for several types of organizations. The stored data includes both current and historical info including but not limited to addresses and office locations.
A single server affected by the breach
By Ionut Arghire on January 26, 2021
The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software.
An independent commission of the Australian government, ASIC is the national corporate regulator, overseeing enterprise and financial services and also tasked with the enforcement of laws designed to protect consumers, creditors, and investors in Australia.
The newly disclosed incident, ASIC says, was identified on January 15, 2021, and resulted in unauthorized access to one of its servers, on which documents related to recent Australian credit license applications were stored.
“This incident is related to Accellion software used by ASIC to transfer files and attachments,” the Australian regulator says.