Ransomware attack took down R2 trillion investment company for five days
Curo Fund Services is investigating the cause behind the ransomware attack it suffered last week, according to a report from the Sunday Times.
The investment administration provider was unable to access its systems for five days as a result of the attack.
Curo has around R2 trillion in assets under its management. While the money was not at risk, the outage prevented Curo’s financial service provider clients from processing investment-related instructions or offering other services.
Its asset management clients include Old Mutual, Sanlam Investments, and Futuregrowth Assets.
Futuregrowth Assets halted all trading to protect its clients from potential exposure until Curo resolved the crisis five days later.
“Curo forms part of the core value chain within our trade cycle, investment administration, NAV pricing and reporting,” the Sunday Times quoted Futuregrowth Assets as saying.
“Our clients’ investments were safe, but our client flows were impacted, and our ability to report on daily valuations to clients were suspended during this period.”
Futuregrowth has R186 billion in assets under Curo’s management and said that none of its clients’ data or investments were compromised.
Old Mutual has assets worth R1.3 trillion under Curo’s management.
“During this period, the outage affected Curo’s ability to provide us with prices for some of our Old Mutual Unit Trust portfolios,” Old Mutual said.
“We are in the process of applying the updated prices to those portfolios, for those customers who transacted.”
“No individual customer data or investments were compromised as personal client data resides on Old Mutual systems and is not shared with Curo,” it added.
The attack is believed to have occurred on 19 January, and Curo regained full access to its systems the following Monday, 24 January.
The investment administration provider has launched an investigation “to establish the origin, nature and scope of this incident so as to assess any data breaches”.
“We have already implemented additional security measures to protect against further unauthorised access, and we will continue monitoring for any suspicious activity,” the company said.