Australian-headquartered software vendor TechnologyOne has flagged a cyber security incident into its back-office system and has appointed “third party experts” as part of its investigation.
The incident involved access to its internal Microsoft 365 back-office system by an unauthorised third party user, the SaaS player told shareholders on the Australian Securities Exchange (ASX) on 10 May.
The business’ customer-facing software-as-a-service (SaaS) platform is not connected to the Microsoft 365 system however, with TechnologyOne claiming it has not been impacted.
In response to the incident, the vendor claimed it has acted with urgency and appointed unnamed experts, initiating its cyber response and isolating affected systems, with systems already being restored.
“The company has reported this incident to relevant authorities and continues to not only comply but go beyond its regulatory obligations,” it noted in its statement.
“Once the investigation is further progressed, we will be in a position to contact those who may be affected to work with them on the ongoing safety of their data.”
When contacted for comment, a TechnologyOne spokesperson said facts are still being gathered around the incident, including timing and whether the vendor's offices in other countries were affected.
TechnologyOne’s cyber incident follows that of a number of significant cyber security breaches that have affected companies operating in Australia. The first such incident saw telecommunications company Optus hit by a cyber breach in September that saw 9.8 million customers potentially affected.
A month later, health insurer Medibank saw 200 gigabytes of sensitive data stolen.
Then, in March this year, Latitude Financial Services was attacked, leading to over 14 million records stolen across Australia and New Zealand (A/NZ).