Perpetual Hit by Third-Party Security Breach
In a recent turn of events, Perpetual, a renowned financial services provider in Australia, has been hit by a third-party security breach. This incident has led to the compromise of a limited amount of personal data and has affected approximately 45,000 clients. Consequently, the company’s myPerpetual services were taken offline.
Upon discovering the breach, Perpetual promptly disconnected its services from the third-party provider. However, unauthorised users may have accessed client data during the breach. While some systems have been restored, the myPerpetual platform, a crucial tool for investments and pension payments, remains offline as the financial year draws to a close.
Perpetual issued a statement on its website, explaining the situation:
“We experienced an extended outage due to an IT security incident. This incident occurred in a unit registry system provided by a third party, affecting some of Perpetual’s funds. For the safety and security of our clients and systems, we disconnected from the third party’s system when we became aware of the incident. We are currently working with the registry provider to rebuild the system as quickly as possible in a new, secure environment.”
The company places utmost importance on the privacy and security of its clients’ personal information. Although sensitive client data remains secure and encrypted, unfortunately, a limited amount of personal information has been compromised.
Compromised Personal Information
The accessed personal information includes contact details such as first names, surnames, and addresses, along with some unlinked bank accounts. The company has clarified that these bank accounts are not linked to the contact information that was also accessed.
Perpetual’s investigation revealed two separate and unrelated files that may have been compromised. One file contained names and addresses, while the other contained unlinked bank account details. It would be challenging to match these bank account details with the names and addresses in the first file.
Assurance of Customer Investment Security
Despite the breach, Perpetual assures that customer investments remain safe and secure. These investments are held “in custody by a separate independent global custodian not related to the impacted unit registry provider’s system.” All internal systems used for trading are also separate from the affected unit registry provider’s system.
Perpetual is currently reaching out to its clients and providing advice on steps they can take to protect themselves from potential scam activity, given the increasing threat of cybersecurity events.
The financial implications of a cybersecurity breach for an Australian financial services firm like Perpetual can be substantial. The cost of downtime due to such a breach is not limited to the immediate financial loss from halted operations. It extends to several other areas that can have long-term impacts on the company’s bottom line.
The Costs of Remediation
a. Identifying and rectifying the breach
Firstly, there’s the cost of identifying and rectifying the breach. This involves the expense of IT experts working to secure the system, potential hardware or software upgrades, and the cost of developing and implementing additional security measures to prevent future breaches.
b. Potential loss of business
Secondly, there’s the potential loss of business. During the downtime, clients may not be able to access their accounts, make transactions, or receive services. This disruption can lead to a loss of trust, and in the worst-case scenario, clients may choose to take their business elsewhere. For a financial services firm, which relies heavily on client trust and consistent service, this could result in significant revenue loss.
c. Regulatory fines
Thirdly, there’s the cost of regulatory fines. In Australia, the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 requires companies to report data breaches that are likely to result in serious harm. Non-compliance can result in hefty fines.
d. Reputational damage
Finally, there’s the cost associated with reputational damage. In the financial services industry, a company’s reputation is paramount. A security breach can cause significant harm to a company’s image, affecting its ability to attract new clients and retain existing ones. The cost of PR efforts to restore the company’s reputation can also be substantial.
While the immediate cost of downtime can be high, the long-term costs associated with a cybersecurity breach can be even more significant for an Australian financial services firm. This underscores the importance of robust cybersecurity measures in this sector.
How Can We Help?
As cybersecurity threats continue to evolve, protecting your business from breaches is more critical than ever. At Evisent, we specialise in providing comprehensive IT security solutions for small to medium businesses in the financial sector. Our team of experts can help safeguard your systems, detect vulnerabilities, and implement robust cybersecurity measures to mitigate risks.
Don’t wait until it’s too late. Contact Evisent today to fortify your business against cyber threats and ensure the safety of your confidential data. Visit our homepage at www.evisent.com or call us at 1300 384 736 to schedule a free consultation.
Secure your business with Evisent and stay one step ahead in the battle against cybercrime.