The Australian Securities and Investments Commission (ASIC) says a server it was using to handle recent credit licence applications was breached by a hacker.

“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” the securities regulator said in a statement issued on 25 January.

“At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.”

The cyber security incident involved unauthorised access to software the ASIC uses to transfer files and attachments. 

As a precaution, the commission has disabled access to the affected server to protect information and systems. It is also devising alternative arrangements for submitting credit application attachments, which will be implemented shortly. 

ASIC says it is working with the software provider and has notified the relevant agencies as well as impacted parties of the incident.