TechnologyOne investigates 'cyber incident' on M365 system - 20230510004¶
Overview¶
The WA SOC has observed a cyber incident related to TechnologyOne, an Australian ERP SaaS provider, said an "unauthorised third party" has accessed the company's internal Microsoft 365 platform.
What has been observed?¶
In a financial filing [pdf], the company requested being placed into a trading halt. It said the third-party, which it did not characterise, had "acted illegally" in accessing the M365 instance. TechnologyOne said its customer-facing SaaS platform isn't connected to M365 "and therefore has not been impacted". "The company has acted with urgency to investigate the issue, including initiation of its cyber response strategy, appointing third party experts, and isolating affected systems," it said. "Once the investigation is further progressed, we will be in a position to contact those who may be affected to work with them on the ongoing safety of their data."
References¶
Recommendation¶
If any TechnologyOne services are in use, please request ongoing updates related to this cybersecurity incident from your vendor to your cyber executive. Please inform DGov via cybersecurity@dpc.wa.gov.au for any material updates indicating a loss of sensitive information. The WA SOC also recommends reviewing activity related to TechnologyOne services for the past 7 days, especially privileged actions and unusual access.