Perpetual customer-facing system still offline after third-party breach – Security – Finance


Perpetual’s customer-facing systems remain offline, months after the company first revealed a data breach, and with no clear timeline for restoration.



While Perpetual doesn’t attribute any financial impact to the incident in its annual results released today, a footnote in one of its disclosure document reveals that earlier this month, it created a board-level technology and cyber security committee.

According to its directors’ fees, the technology and cyber security committee is chaired out of Perpetual’s US office, with members in Australia, the US, and the UK.

The only update about its MyPerpetual outage came in a statement posted to its site this week saying: “Work continues to restore online services impacted by an extended outage caused by an IT security incident on a system provided by a third-party provider.

“At this stage we are unable to confirm a timeframe for restoration and myPerpetual will remain offline for the next few weeks.”

In June, Perpetual took systems offline when a third party registry provider suffered unathorised access.

At the end of June, the organisation revised its advisory, announcing that some customer data had been compromised in the attack.

Only limited customer information was breached, with sensitive details like bank account information encrypted, but Perpetual said at the time it took some core systems offline as a precaution “to prevent any spread” of the incident.

It said these measures allowed the incident to be contained to the third party provider only.



Source link