Tech company Iress addresses user space’s security breach
Tech company Iress addresses user space’s security breach | Insurance Business Australia
Cyber
Tech company Iress addresses user space’s security breach
Firm assures no compromise to client data
Cyber
By
Roxanne Libatique
Tech company Iress is examining an incident involving unauthorised access to its GitHub user space, which was initially reported on May 13.
The company has assured that this incident has not disrupted client operations or led to any data compromise within Iress’ software systems.
The breach is confined to Iress’ user space on GitHub, a platform for managing software development, which does not store any client information.
Iress investigates GitHub breach
In response, Iress has launched an extensive security audit across its systems. To date, this review has not identified any malware or other security threats in its internal systems or software.
The company also confirmed that its GitHub space was protected by multi-factor authentication. The unauthorised access is believed to be linked to the misuse of a specific GitHub-only security credential, which does not affect other Iress systems or protocols.
“While investigations are ongoing, at this stage, it appears the nature of the unauthorised access relates to the use of a security credential which only applies to GitHub. There is no evidence this GitHub credential can be used to access any other Iress system via our MFA protocol,” it said.
Advice to Iress clients following breach
For most clients, Iress advises that no immediate action is necessary. Nevertheless, the company will notify certain clients who might need to update their security settings as a preventive step, with further instructions provided by their relationship managers.
In the aftermath of the breach, the company has increased its security protocols and restricted the integration of code from GitHub into its production environments while the investigation continues.
The company has established a webpage dedicated to providing updates on the situation. Clients with concerns are encouraged to contact their Iress Relationship Manager for more detailed information.
“Our investigation is continuing, but we have so far not detected any evidence our clients’ data or software environments have been compromised. As soon as we detected the unauthorised access within Iress’ GitHub user space, we suspended the ability for any code to be committed into Iress’ production environment from GitHub,” it said.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!
