TechnologyOne, an Australian ERP SaaS provider, said an “unauthorised third party” has accessed the company’s internal Microsoft 365 platform.
In a financial filing [pdf], the company requested being placed into a trading halt.
It said the third-party, which it did not characterise, had “acted illegally” in accessing the M365 instance.
TechnologyOne said its customer-facing SaaS platform isn’t connected to M365 “and therefore has not been impacted”.
“The company has acted with urgency to investigate the issue, including initiation of its cyber response strategy, appointing third party experts, and isolating affected systems,” it said.
“Once the investigation is further progressed, we will be in a position to contact those who may be affected to work with them on the ongoing safety of their data.”
TechnologyOne added that it had reported the incident to relevant authorities.
The company said it had requested a trading halt while it continues to investigate; it anticipated trading again by the end of the week.