Australia Regulator Sues FIIG Securities for Cybersecurity Failures

The Australian Securities and Investments Commission (ASIC) announced on Thursday that it is suing FIIG Securities, a fixed-income broker, accusing the company of failing to implement proper cybersecurity measures over a four-year period. These alleged failures allowed a hacker to infiltrate FIIG’s IT network, resulting in the theft of approximately 385 gigabytes of confidential data.

The breach, which occurred between May 19 and June 8, 2023, affected 18,000 clients, who were notified that their personal information may have been compromised. Some of the stolen client data was later found on the dark web.

ASIC’s lawsuit claims that from March 2019 to June 2023, FIIG failed to take necessary steps to ensure the security of its digital infrastructure. The regulator stated that the company lacked adequate cyber risk management systems, which directly contributed to the attack.

“Advancing digital safety and resilience is a strategic priority for ASIC, and we have been actively engaging with companies to support the continuous improvement of cyber and operational resilience practices,” said ASIC Chair Joe Longo.

During the period when the cybersecurity issues occurred, JPMorgan held assets for FIIG and its clients, ranging in value from A$2.89 billion ($1.83 billion) to A$3.7 billion. JPMorgan declined to comment on the matter when contacted by Reuters, and FIIG did not respond to requests for comment.

According to ASIC, the alleged deficiencies include FIIG’s failure to adequately update and patch its software, as well as its lack of sufficient resources to protect against and prevent cyberattacks.