What has happened?

We recently experienced a cyber incident where an unauthorised third party accessed a limited part of our IT system.

As soon as we detected the incident, we took steps to immediately secure the affected system and began working with cyber security experts to investigate what happened.

Our systems are running as normal, we remain fully operational, and our business operations have not been impacted by this cyber incident. There is no evidence of any impact to customers’ accounts and our customers’ funds are safe.

What does this mean for our affected customers?

Unfortunately, our ongoing investigation has identified evidence that some personal information of some of our customers has been accessed.

We are notifying all impacted individuals directly and providing steps that they can take to protect themselves from scams or phishing attempts, in line with our regulatory obligations.

In addition, we have engaged IDCARE, Australia’s national identity and cyber support community service. IDCARE’s services are available to impacted customers at no cost and their expert Case Managers can help address our customers’ concerns about potential misuse of their personal information.

If you have received a letter from us, we recommend you carefully review the contents of the letter which outlines the support available, including IDCARE, and the steps you may consider taking to limit the potential impact of the breach, based on the types of information impacted for you.

If you have not heard from us, that is because at this stage of our investigation, our cyber security experts have not found any evidence that you are affected by the incident.

We have also notified the relevant authorities of this incident and are continuing to update them on any developments in our investigation.

Our investigation is ongoing and we will continue to communicate in a timely and transparent manner. We remain committed to protecting the personal information of our customers, and we sincerely apologise for any concern this update may cause.

What does this mean for brokers, aggregators and our other partners?

If you are not one of our customers, it is important to note there is no action required from you, as we are directly notifying impacted individuals. We kindly ask that you do not proactively reach out to organisations or individuals about this incident, so not to cause confusion or alarm to our customers who are not affected.

As noted above, we are contacting impacted individuals directly and providing steps that they can take to protect themselves, in line with our regulatory obligations, and we want to ensure that anyone who is impacted by the incident have the information and resources they need. However, if you receive questions from customers about our incident, please feel free to direct them to the email address provided to them on their notification.