IPH Limited (IPH) advises that on 13 March 2023 the company detected unauthorised access to a portion of its IT environment.
As soon as this incident was detected IPH commenced working to secure its IT environment and is working with leading external cyber security and forensic IT advisors to respond and conduct a forensic investigation. We are advised that this investigation may take some time to complete.
We have also notified the Australian Cyber Security Centre (ACSC) of the incident.
Based on preliminary analysis, it appears the incident is primarily limited to the document management systems (DMS) of the IPH head office and two IPH member firms in Australia, Spruson & Ferguson (Australia) and Griffith Hack, and the practice management systems (PMS) of these two member firms. The information contained in the DMSs includes documents relating to the administration of these entities and, in the case of the two IPH member firms, client documents and correspondence. The PMSs contain IP case management information (such as filing timelines) relating to the practice of the two IPH member firms.
The investigation underway is focussed on determining whether the information stored in these systems has been accessed by the unauthorised third-party.
We have enacted our business continuity plan (BCP) and, while the functionality of some systems has been affected, we have transitioned to alternative processes which are working adequately to enable the relevant firms to continue to conduct operations, albeit with some disruption.
We apologise to our clients and the community for any concern that this incident may cause.
We will continue to keep our clients, shareholders and key stakeholders updated as we respond to this event and our investigation continues and further facts are established.