Australian company Iress reports unauthorized access to their GitHub repositories

Iress Ltd, a financial services software company based in Australia, is reporting containing an unauthorized access to its GitHub space over the weekend (11th to 12th of May 2024).

Iress has restricted access to GitHub and initiated a comprehensive investigation to assess the extent of the intrusion. The company has also begun enhancing its access and security protocols as a preventive measure against potential future threats.

GitHub, utilized by Iress as a repository for managing pre-production software code, did not contain any client information, ensuring that no client data was compromised during the incident.

No details are disclosed about the attack, but it's either a breached account/phishing or an accidentaly exposed repository.

Iress assures that there would be no impact on its operations or any disruption to its clients' ability to use their software and systems. Iress has notified clients and relevant authorities about the incident.

Update - as of 15th of May 2024, Iress reported that the breach affected its OneVue production environment which contains client data. OneVue is a service that provides managed funds administration, platform and superannuation. The number of affected individuals is not disclosed.