{
	"id": "d7d2942b-7ff2-4b57-b6a1-925510cb5126",
	"created_at": "2026-04-06T00:09:11.354716Z",
	"updated_at": "2026-04-10T13:11:46.778446Z",
	"deleted_at": null,
	"sha1_hash": "c18f60ae450e0ccac0fba01e5dfef360d018febf",
	"title": "Australian securities regulator discloses security breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2127680,
	"plain_text": "Australian securities regulator discloses security breach\r\nBy Sergiu Gatlan\r\nPublished: 2021-01-25 · Archived: 2026-04-05 15:07:17 UTC\r\nImage: Pat Whelen\r\nThe Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an\r\nunknown threat actor following a security breach.\r\nASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial\r\nservices, as well with consumer protection as Australia's national corporate regulator.\r\nhttps://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe commission also maintains a searchable database of business information for several types of organizations. The stored\r\ndata includes both current and historical info including but not limited to addresses and office locations.\r\nA single server affected by the breach\r\nAs ASIC disclosed the incident that took place on January 15th, 2021, is related to Accellion software the commission uses\r\nto transfer information.\r\n\"It involved unauthorised access to a server which contained documents associated with recent Australian credit licence\r\napplications,\" ASIC said.\r\n\"While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed\r\nby the threat actor.\r\n\"At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were\r\nopened or downloaded.\"\r\nIn response to the security breach, ASIC has disabled access to the impacted server and is working on providing an\r\nalternative credit application submission channel.\r\nThe Australian securities regulator is working on bringing the impacted systems back online and on a forensic investigation\r\nof the attack with the help of external cybersecurity experts.\r\nThe commission said that no other systems besides the affected server have been reached or impacted in the incident.\r\nASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to\r\nand manage the incident. - ASIC\r\nOther Accellion customers breached or exposed to attacks\r\nThe New Zealand Reserve Bank also disclosed earlier this month that they suffered a data breach after an attacker\r\ncompromised a file sharing service containing sensitive data, powered by Accellion's FTA (File Transfer Application).\r\nThis is a legacy service deployed on-premise to allow users to share large and sensitive files with external recipients\r\nsecurely.\r\nThe vulnerability used to hack New Zealand Reserve Bank's file sharing service was patched by Accellion on Christmas\r\nEve.\r\n\"Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected,\" the\r\ncompany said in a press release.\r\nBased on these numbers, dozens of other targets might have been compromised by exploiting the same vulnerability.\r\nAccording to BleepingComputer's cybersecurity industry sources, Accellion released the patch on December 24th, and the\r\nReserve Bank of New Zealand suffered the breach on December 25th.\r\nEven though Accellion still provides support for the legacy FTA service, it has also been urging customers to migrate to the\r\nnew Kiteworks platform since at least December 2019.\r\nhttps://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/\r\nhttps://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/australian-securities-regulator-discloses-security-breach/"
	],
	"report_names": [
		"australian-securities-regulator-discloses-security-breach"
	],
	"threat_actors": [],
	"ts_created_at": 1775434151,
	"ts_updated_at": 1775826706,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c18f60ae450e0ccac0fba01e5dfef360d018febf.pdf",
		"text": "https://archive.orkl.eu/c18f60ae450e0ccac0fba01e5dfef360d018febf.txt",
		"img": "https://archive.orkl.eu/c18f60ae450e0ccac0fba01e5dfef360d018febf.jpg"
	}
}