More breach victims are emerging as the result of exploits of an unpatched vulnerability in an aging file transfer system from Palo Alto, California-based Accellion.
The latest announcement comes from the Australian Securities and Investments Commission, which says it became aware on Jan. 15 of a breach involving Accellion's software, which the agency uses to transfer files and attachments.
Recent credit license applications were accessed without authorization, ASIC says.
"While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor," ASIC says. "At this time, ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded."
ASIC officials couldn't be immediately reached for comment. The Sydney Morning Herald reports that ASIC informed financial institutions about the breach on Monday, 10 days after it knew it had been compromised.
Meanwhile, the Australian Fina ..