TechnologyOne suffers cyber attack, shares in trading halt

The company has joined the likes of Optus and Medibank in falling victim to a data breach, while the privacy watchdog has launched a probe into Latitude Financial.

David Swan

2 min read

10:36AMMay 10, 2023.

Updated 3:43PMMay 10, 2023

The Australian Business Network

Some policies in the 2023 budget could potentially 'push inflation higher for longer'

Shares in Australian enterprise tech giant TechnologyOne are in a trading halt after a cyber attack, with an investigation now underway.

The software outfit told shareholders on Wednesday that an unauthorised third-party acted illegally to access its internal Microsoft 365 back-office system.

Its customer-facing Software-as-a-Service platform is not connected to the Microsoft 365 system and therefore has not been impacted, it said.

The group has activated its cyber response strategy, appointing third party experts, and isolating affected systems and reported this incident to relevant authorities while continues to not only comply but go beyond its regulatory obligations, it told investors.

“Once the investigation is further progressed, we will be in a position to contact those who may be affected to work with them on the ongoing safety of their data. We apologise to impacted individuals for any concern this incident may cause.”

The company declined further comment.

Shares in TechnologyOne last traded at $14.66 with a market value of $4.76bn. The company is Queensland’s largest listed tech company, and entered the ASX 100 earlier this year. It has 1300 customers with a focus on higher education, government and local councils through providing software to run their operations on any platform.

Technology One boss Ed Chung.

Meanwhile, Australia and New Zealand’s privacy watchdogs have launched a joint investigation into the privacy practices of financial provider Latitude, after a massive data breach that has become Australia’s largest, with the company facing fines of up to $50m for each potential breach of the Privacy Act.

The Office of the Australian Information Commissioner and the New Zealand Office of the Privacy Commissioner said on Wednesday this is their first joint privacy investigation, reflecting the impact of the data breach on individuals across both countries.

“The OAIC investigation will focus on whether Latitude took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure,” the watchdog said in a statement.

“The investigation will also consider whether Latitude took reasonable steps to destroy or de-identify personal information that was no longer required.”

Some 14 million customer records were taken in the breach, with Latitude declaring it would not pay a cyber ransom to hackers.

The attack resulted in almost 8 million Australian and New Zealand driver’s licence numbers being stolen as well as a further 6.1 million customer records, more than 53,000 passport numbers and under 100 customer financial statements.

The breach has mostly impacted Latitude customers from between 2005 and 2013, who are being urged to stay alert for any phishing scams including suspicious text messages and emails, and to change their passwords. Customers are also being encouraged to check their credit score for any changes or suspicious activity.

“If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $50 million for each contravention,” the OAIC said on Wednesday.

A Latitude spokesman said in a statement that the company was aware of the investigation.

“Latitude has been working closely with the OAIC and the OPC since the cyber-attack and will continue to fully cooperate as they undertake their investigation.”