Arq Group distances itself from security hack

Publicly-listed Arq Group has informed shareholders it is not the Australian company mentioned in an indictment related to a case against 10 Chinese nationals allegedly involved in a state sponsored attack investigated in the US.

The Sydney Morning Herald (SMH) published on 31 October that an Australian IT company had been mentioned in the proceedings, about hacking events that occurred in 2013 impacting the aerospace industry.

As part of its investigation, SMH got in touch with Arq Group, previously known as Melbourne IT and who started out selling domains and hosting webpages, but has recently moved to a services provider approach.

The article talks about a 'Company L' which is mentioned in documents made public by the US Department of Justice.

"Melbourne IT (now Arq Group) has no knowledge of the events described in the indictment," the company told shareholders on 1 November.

"Melbourne IT has never been contacted by the Department of Justice, or any other agency, regarding the events described in the indictment. The indictment relates to an incident that occurred in late-2013 and Arq Group is not aware of any suggestion of ongoing activity.

"The alleged hack of Company L involved the alteration of DNS records and did not involve access to customer data of Company L."

Meanwhile, Martin Mercer, CEO of Arq, said that the company is "very confident" in the integrity of its systems and customer data.

"Following a number of acquisitions in 2014 and 2015 the Group consolidated all of its domains onto a single domain name registrar platform," Mercer told shareholders.

"This platform is managed in-line with best practice in software development and security standards, including ISO27001 (data security) and PCI-DSS (credit card data and handling).

"In addition, the Group regularly engages third parties to undertake testing and assurance activities, to review our security posture and access controls, and follow a schedule of external audit programs," Mercer added.