Australian software giant won't say if customers affected by hack

·2 min read

Australian enterprise software company TechnologyOne has halted trading after confirming it was hit by a cyberattack.

In a stock exchange filing on Wednesday, the Brisbane-based software maker said it had detected that “an unauthorized third-party acted illegally to access its internal Microsoft 365 back-office system.”

TechnologyOne said the company’s customer-facing platform is not connected to the affected Microsoft 365 system and “therefore has not been impacted,” but when reached, the company would not say if any customer or employee data had been accessed as a result of the wider incident.

Brendan Altadonna, who represents TechnologyOne on behalf of a third-party public relations agency, declined to answer TechCrunch’s other questions. Altadonna said that the company will only be able to provide further details once its investigation has progressed.

The nature of the incident remains unknown.

Brett Callow, threat analyst at Emsisoft, told TechCrunch that while details about the incident are vague, TechnologyOne may have fallen victim to ransomware. “Statistically speaking, the most likely explanations are either a ransomware attack or the systems being proactively taken offline to prevent a ransomware attack after the detection of an intrusion,” Callow said.

The cyberattack has not yet been claimed by any of the major ransomware groups. It's not uncommon for ransomware actors to publish stolen information as part of efforts to extort victims.

TechnologyOne claims to be Australia’s largest software company, and says its “deeply integrated” technology is used by more than 1,300 organizations, including government agencies, local councils and universities. The company's flagship cloud-based enterprise resource planning (ERP) product helps its corporate customers manage their business operations.

TechnologyOne is the latest Australian technology company to confirm a breach in recent months, following a spate of high-profile cyberattacks that compromised millions of citizens' personal information.

In September, Australia telecoms giant Optus said that current and former customer data — including driver’s license and passport numbers — was accessed following a cyberattack on its systems. By November, Australian health insurance giant Medibank confirmed hackers stole 9.7 million customers’ personal details and health claims data for almost 500,000 people.