Iress breach extends to OneVue business

Iress has confirmed the breach it was victim to over the weekend was worse than first thought, having spread to the recently offloaded OneVue business.

On Monday, Iress told shareholders its private user space on code repository GitHub had been breached. At the time, it said it was undertaking an investigation but was confident no data had been stolen.

In an update today, Iress said it has since discovered a credential within that user space was stolen and used to access Iress' OneVue production environment which does contain client data.

In February, the OneVue platform business was acquired by Praemium.

In response to the news, Praemium assured investors the breach only relates to the OneVue business and that no other Praemium technology or client data has been compromised.

It added that it has received no indication from Iress that OneVue client data has been accessed.

Praemium is in regular contact with Iress as the investigation continues, it said.

Iress said it is investigating the extent and nature of the data accessed, adding that investigations across its other business lines have progressed and there is no evidence to suggest the remainder of its production environment, software, or client data was compromised.