Company reissues some user digital certificates
Property settlement software group PEXA has announced that it will be reissuing digital certificates to a small number of its clients as it investigates the mishandling of a physical storage device by a third-party provider of digital certification.
In a statement released on Sunday, PEXA Group said the PEXA Exchange remained unaffected by the isolated incident, which involved the mishandling of a physical storage device by a third-party provider of digital certification, with the Exchange continuing to be fully secure and operational. The storage device contained a number of PEXA user digital certificates.
“The third-party provider has confirmed that at this time it does not believe any network or computer system has been compromised,” PEXA said.
“Based on active monitoring of the PEXA Exchange, there is no evidence of misuse related to any of the affected user certificates. Any digital signing would still require a user to be authenticated with multi-factor authentication, and there is no evidence PEXA’s identity management has been impacted.”
PEXA also said there is “no evidence that any of the relevant data has been published, and in relation to any personal information, this is confined to basic business contact details which, of itself, carries a low risk”.
The company said only a small number of PEXA Exchange subscribers were affected, representing less than 1% of total subscribers. “All affected users have been individually notified. As a precautionary measure, their certificates
have been cancelled, with some exceptions made at the customer’s request as an interim measure to avoid impacting any transactions. Cancelled certificates are in the process of being reissued.”
PEXA said it had been working with all relevant authorities and it had taken all appropriate action to manage the low-risk incident.
The news of the incident at PEXA caused concern among investors, resulting in a 7.4% drop in shares to $10.09 on Friday, The Australian reported.
In August, shares in PEXA fell after it revealed profits slumped to a $21.8 million loss due to lower margin transactions and investments in new business. PEXA recently announced its acquisition of UK conveyancing technology provider Smoove for £30.8 million, as well as Land Insight, an Australian environmental risk data analytics company.
APRA has previously highlighted significant gaps in cyber protection within the nation's financial institutions, warning that further attacks are likely unless improvements are made.
Have something to say about this story? Let us know in the comments below.
