As previously announced, on 13 March 2023 our parent company IPH Limited (IPH) detected that a portion of its IT environment had been subject to unauthorised access. This access was primarily limited to the document management systems of the IPH head office and two IPH member firms in Australia, Griffith Hack and Spruson & Ferguson (Australia), and the practice management systems of these two IPH member firms.
Upon becoming aware of the incident, IPH immediately isolated these systems, removed them from its network, and implemented its Business Continuity Plan to resolve the cyber incident.
As announced on 24 March 2023, IPH subsequently established new network infrastructure following a methodical restoration process. Key system functionality has now been restored. Supported by leading external cyber security experts, IPH has also applied enhanced cyber security measures, including additional preventative and detective controls to protect the IPH network.
Forensic update
IPH’s forensic investigation is now substantially complete. The investigation has identified that a limited set of data was downloaded by an unauthorised third-party during the incident. The downloaded dataset originated from another IPH member firm (i.e. not Griffith Hack).
Based on the investigation to date, IPH has no evidence to suggest that data located on any other component of IPH’s IT network (including the document management and practice management systems of Griffith Hack), was downloaded by the unauthorised third-party during the course of the incident.
IPH expects to complete the investigation and response into the cyber incident within the next few weeks and will update the market if there are any material changes to the outcomes set out in this announcement.
You can read the full statement from IPH here, and for any queries, please contact your relationship Principal.