Australia’s Iress says client data at OneVue platform compromised

By Thomson Reuters May 14, 2024 | 7:40 PM

(Reuters) – Australia’s Iress Ltd said on Wednesday a stolen credential from its third-party user space was used to gain access to client data in the production environment of the financial services software platform OneVue over the weekend.

“It has now been discovered that a credential within Iress’ GitHub user space was stolen and used to gain access to Iress’ OneVue production environment,” the financial software firm said in an exchange filing.

“The OneVue production environment contains client data and we are investigating the extent and nature of the data accessed.”

OneVue’s production environment is isolated to the platform’s businesses – MFA, Platform and OneVue Super.

Iress earlier in the week disclosed that the data breach at the user space on GitHub was identified over the weekend, and clarified that it does not store any client information on it.

Simultaneous investigations in Iress’s other business segments are being carried out and no other data breach instances have been identified yet.

(Reporting by Sneha Kumar; Editing by Sherry Jacob-Phillips)