Share this article on:
Australian financial services provider Perpetual has fallen victim to a third-party security breach, accessing a “limited amount” of personal information and impacting 45,000 clients as its myPerpetual services were forced offline.
According to a statement released by the company, while Perpetual disconnected its services from the third-party provider upon learning of the security breach, unauthorised users are expected to have accessed client data.
While some systems have come back online, Perpetual’s myPerpetual platform, which facilitates investments and even pension payments, remains offline in the lead-up to the end of the financial year.
“Perpetual experienced an extended outage as a result of an IT security incident. This occurred in a unit registry system provided by a third party, which affected some of Perpetual’s funds,” a statement on the company’s website read.
“For the safety and security of our clients and systems, we disconnected from the third party’s system when we became aware of the incident, and are currently working with the registry provider to rebuild the system as quickly as possible in a new, secure environment.
“Perpetual places the highest priority on the privacy and security of our clients’ personal information. While we have currently determined that sensitive client data remains secure and encrypted, unfortunately, a limited amount of personal information has been compromised.”
While Perpetual was able to disconnect from the system, the company has confirmed that some personal information has been accessed, which includes contact details, including first names, surnames and addresses, as well as some unlinked bank accounts.
The company has confirmed that the bank accounts are not linked to the contact information that were also accessed.
“Our investigation has found two separate and unrelated files which may have been compromised,” a statement read.
“A file containing first names, surnames and addresses and a second separate file containing bank account details which are unlinked to names and addresses, meaning that it is difficult to match these bank account details with names and addresses that appear in the first file.”
Perpetual has also added that customer investments remain safe and secure due to being held “in custody by a separate independent global custodian not related to the impacted unit registry provider’s system”.
“Likewise, all Perpetual internal systems used for trading are completely separate from the impacted unit registry provider’s system,” it said.
Perpetual is currently in the process of reaching out to its clients and is advising them of the steps they can take to protect from scam activity “given the ongoing and increasing threat of cyber security events”.