Get Permission
Washington State Auditor Pat McCarthy says her office was not notified about a vulnerability in Accellion s file transfer product.
A data breach of a Washington state auditor s system exposed 1.4 million unemployment claimants’ records. The breach involved exploiting a flaw in Accellion s file transfer product, called File Transfer Appliance, and the state’s auditor says the office was never notified of the vulnerability and that a fix was available, the Seattle Times reports.
Organizations in New Zealand and Australia have also been affected by breaches tied to exploits of the vulnerability. But Accellion says it issued a patch in December 2020 and alerted all affected customers.
Miscreant fingered server that held docs related to credit applications down under
Richard Speed Mon 25 Jan 2021 // 18:01 UTC Share
Copy
The Australian Securities and Investments Commission (ASIC) has admitted one of its servers was accessed without sanction and may have been digitally pawed by miscreants.
The country s company and financial services regulator became aware of the incident on 15 January, which it said was related to Accellion software used by ASIC to transfer files and attachments.
The attack involved a server containing documents associated with Australian credit applications and the commission warned that some limited information may have been viewed by the threat actor. ASIC was at pains to add that it hadn t seen evidence of the forms and attachments being opened or downloaded.
Get Permission
Reserve Bank of New Zealand Gov. Adrian Orr says he personally owns responsibility for a serious data breach involving a file transfer system.
The governor of New Zealand’s Reserve Bank, the nation s central bank, says he “personally owns” responsibility for a data breach that exposed private and sensitive stakeholder information.
On Friday, Gov. Adrian Orr said that the bank’s actions “have fallen short of the public’s expectations. This is why I am unreservedly apologizing,” according to a video included as part of a statement.
The bank disclosed on Jan. 10 that hackers had compromised the bank’s File Transfer Appliance, which is part of the file-sharing service from Accellion, a company based in Palo Alto, California. The central bank used the service to share information with stakeholders (see:
The breach was first announced on Sunday and later in the week the Royal Bank of New Zealand said a file sharing service provided by California-based Accellion was illegally accessed.