TechnologyOne – O365 Backend Systems Breach

TechnologyOne have advised the ASX of a breach of their O365 backend systems this morning (11th May 2023).

This advisory is applicable to customers of TechnologyOne products. Given the available data at present (which is very limited), we are advising customers to remain vigilant to supply chain attacks that may originate from the breach. The attack vector would likely be via O365. This may include scenarios involving:

  1.  Account takeover of TechnologyOne accounts, allowing third parties to impersonate certain trusted users.
  2. Where data has been harvested from the O365 tenant, this could in turn be used in a malicious sense against TechnologyOne customers. Be aware of any extortion attempts or mis-use of data in future.

Please be aware that this style of attack will have a long tail, meaning that such attempts to use any data exfiltrated could take quite some time to be utilised or materialise.

From a mitigation stand-point, we would suggest that TechnologyOne customers consider the following courses of action:

  • Understand which TechnologyOne solutions are in use across the organisation.
  • Inform all staff within your organisation of the breach, specifically those that utilise TechnologyOne systems as part of BAU.
  • Advise that staff maintain vigilance when receiving emails and/ or instructions from TechnologyOne contacts. Given we don’t know any timeframes around the breach, this could include any recent instructions from TechnologyOne contacts.
  • If there is any External access provided to TechnologyOne users within your organisation’s Azure/ O365 tenant, that this access is reviewed/ revoked until further information becomes available. This may have an operational impact and would need to be considered prior to actioning.
  • Similarly to point 3 above, should any of your staff have external access to the TechnologyOne Azure/ O365 tenant, than we would recommend that these users change their passwords immediately. .
  • Understand what information may have been shared with TechnologyOne via email and/ or File sharing application such as to understand what (company) information could be part of any breach of their tenant.

When we know further information we will provide further guidance.

Customers should monitor releases via the company in relation to the breach on the ASX website