Ransomware attack at third party exposes Perpetual client data

Local clients of the $210bn fund manager are the latest to be hit by ransomware attacks, with systems down and some personal information compromised.

Paulina Duran

Perpetual has ‘not engaged on a ransom’, a spokesman said.

2 min read

6:57PMJune 28, 2023

The Australian Business Network

Thousands of clients of $210bn fund manager Perpetual are the latest to be hit by a ransomware attack, after an outsourced registry provider was hacked, compromising some of their data.

“For the safety and security of our clients and systems, we disconnected from the third-party’s system when we became aware of the incident,” a spokesman for Perpetual said without naming the provider.

Perpetual lists Indian group Tech Mahindra – which according to media reports has been a victim of ransomware attacks before – as its registry provider.

Perpetual has “not engaged on a ransom”, the spokesman said. Media representatives from Tech Mahindra did not return a request seeking information.

“We are currently working with the registry provider to rebuild the system as quickly as possible in a new, secure environment,” the spokesman said, adding the fund manager had written to about 40,000 clients on Tuesday to notify them of the situation.

“While we have currently determined that sensitive client data remains secure and encrypted, unfortunately, a limited amount of personal information has been compromised,” he said.

As soon as Perpetual was notified of the incident, the Sydney-based fund manager disconnected from the third-party system, which caused an “extended outage” to some online services, it told clients in a memo seen by The Australian.

An internal investigation found some personal information was accessed from the third-party system, including contact details and some bank account numbers that were held separately and were not linked to those contact details, the email said.

“Our investigations have not identified any impact of any Perpetual client or superannuation investments, which remain safe and, that sensitive client data remains secure. This includes identification documents which may have been provided to us,” it said.

Perpetual is also engaging external forensic experts.

The data breach at Perpetual’s third-party provider follows a string of cyber attacks targeting financial services companies and law firms, including HWL Ebsworth, bond broker FIIG, and non-bank lender Latitude.

“This outage was necessary and precautionary to prevent any contagion to any of Perpetual’s systems, which remain safe and secure,” the firm’s email to clients said.

“Core systems have now been restored and processing client transactions and payment of withdrawals has recommenced, however access to myPerpetual remains impacted.”

The spokesman said the unauthorised access to the registry providers system had impacted Perpetual asset management and wealth management divisions, investment funds, its WealthFocus platform and Select products (multi-manager funds).

“There is no impact to Perpetual listed products, institutional mandates, Pendal, Perpetual Corporate Trusts, Perpetual wrap clients or any of our international asset management businesses,” he said.

“We apologise to clients for any inconvenience or concern caused and are committed to keeping them informed.”

Perpetuals shares closed 2 per cent higher at $25.94 on Wednesday.