IPH Limited (IPH) advises that it is continuing to work with leading external cyber security and forensic IT advisors to respond to, and conduct a forensic investigation into, the cyber incident announced on 16 March 2023.
IPH advised in that announcement that it had detected unauthorised access to a portion of its IT environment, primarily limited to the document management systems of the IPH head office and two IPH member firms in Australia, Spruson & Ferguson (Australia) and Griffith Hack, and the practice management systems of these two IPH member firms. Upon becoming aware of the incident, IPH immediately isolated these compromised systems and removed them from its network.
IPH advises that it has now established new network infrastructure following a strict restoration process and key system functionality has now been restored. Under the advice of cyber security experts, security has also been further enhanced, including additional preventative and detective controls to protect the IPH network. The new systems are now in use by the two affected IPH member firms, and their transition back to normal operating procedures on these new systems is underway. All other IPH member firms continue to operate as normal.
IPH is continuing its response, and its investigation into the extent of and nature of the unauthorised access to the IT environment and data held within it, which is expected to extend over a number of weeks.
As our investigation and response continues and business operations are restored, we will continue to update the market as appropriate.