Cyber Incident Victim: IPH Limited
Date: Mar 2023
Location: Australia
Summary
IPH Limited detected unauthorised access to parts of its IT environment, prompting immediate actions to secure systems with external cybersecurity advisors and notification to the Australian Cyber Security Centre. The incident primarily impacted document management systems at its head office and two member firms, along with their practice management systems, potentially exposing administrative documents, client correspondence, and intellectual property case details. An investigation is underway to determine if any data was accessed, while business continuity plans have enabled operations through alternative processes despite some disruptions. The company apologised for any concern caused by this event.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 13, 2023, IPH Limited detected unauthorised access to a portion of its IT environment. The company immediately initiated response protocols by engaging leading external cyber security and forensic IT advisors to secure its systems and conduct a forensic investigation. IPH concurrently notified the Australian Cyber Security Centre (ACSC) of the breach. Preliminary analysis indicated the incident primarily affected the document management systems (DMS) at IPH's head office and two Australian member firms – Spruson & Ferguson (Australia) and Griffith Hack – as well as the practice management systems (PMS) of those same member firms. The compromised DMSs contained administration records for the entities and, for the two member firms, client documents and correspondence. The breached PMSs held intellectual property case management data, including critical operational details such as filing deadlines and procedural timelines. This initial assessment suggested the intrusion was contained to these specific systems rather than spanning IPH's entire network infrastructure. Forensic investigators focused on determining whether the unauthorised third party accessed or exfiltrated stored information during the breach, though this remained unconfirmed at the time of reporting.

IPH activated its business continuity plan following the detection to maintain operational functionality. While the incident caused partial degradation of affected systems, the implementation of alternative processes enabled the two member firms to continue conducting business operations despite disruptions. The company publicly acknowledged the incident's potential to cause concern among clients and community stakeholders, issuing a formal apology while emphasising ongoing response efforts. IPH committed to providing continued updates to clients, shareholders, and key stakeholders as the forensic investigation progressed and additional facts were established. No data recovery timelines or specific remediation measures were disclosed beyond the confirmation of contingency protocols being operational. The investigation remained ongoing with no public attribution to threat actors or disclosure of initial compromise vectors at the time of the company's statement.
