Exchange ‘unaffected’ by third-party incident: PEXA

ASX-listed digital property exchange platform PEXA has confirmed its exchange “remains unaffected” by an incident that involved the “mishandling” of a physical storage device by a third-party provider of digital certification.

Concerns that PEXA had been breached arose on Friday (6 October), with the platform providing a statement at the time stating that it was “investigating an incident involving the potential unauthorised access of user certificate data held by a third-party provider to PEXA”.

The exchange had stated that it had notified the “small number” of affected users and that “the integrity of the system remains intact” and that there had been “no evidence of misuse”.

However, PEXA also confirmed that it had cancelled certificates “as a precautionary measure” and would work with the third-party provider and affected users to reissue certificates.

The unnamed third-party provider told PEXA that it did not believe any network or computer system had been compromised.

In an updated statement released on Sunday (8 October), PEXA revealed that it was an “isolated incident” that related to “improper handling of a physical storage device that contained a number of PEXA user digital certificates”.

It also confirmed that any digital signing would still require a user to be certified with multi-factor authentication and there was no evidence that PEXA’s identity management had been impacted.

In its latest statement, the exchange said: “There is also no evidence that any of the relevant data has been published, and in relation to any personal information, this is confined to basic business contact details which, of itself, carries a low risk.

“PEXA has been working with all relevant authorities. As a result, PEXA believes it has taken all appropriate action to manage this incident and considers that it represents a low risk.”

Path to interoperability

One of the concerns raised as part of the discussion regarding the path to interoperability between Electronic Lodgment Network Operators (ELNOs), such as PEXA, was ensuring the reliability and security of the e-conveyancing network.

PEXA’s chief consumer and commercial officer Les Vance spoke of the importance of the exchange’s security at the House of Representatives’ standing committee on economics inquiry on 31 August.

Mr Vance stated that changes to the exchange and the e-conveyancing policy needed to be designed and managed, given the importance of maintaining “reliability, resilience and security of e-conveyancing as a whole”.

“No other single market has been fragmented by regulatory design then to be pieced back together through interoperability,” he added.

“The reality is that interoperability is far more complex to design, execute and bill than was represented or assumed at the start, that’s why it’s taking time.”

[Related: PEXA ‘welcomes competition’, disputes current interoperability view]