ASIC sues FIIG Securities over cybersecurity failures
Make us a preferred source
Make us a preferred source on Google
The news: Corporate regulator ASIC has taken FIIG Securities to court for allegedly failing to have adequate cybersecurity measures in place for more than four years.
Th context: ASIC alleges in filings to the Federal Court that FIIG failed to take the appropriate steps, as required by its Australian Financial Services (AFS) license, to ensure it had adequate cyber risk management systems in place between March 2019 to 8 June 2023.
According to ASIC, the cybersecurity failures enabled a hacker to enter FIIG’s IT network and go undetected from 19 May 2023 until 8 June 2023, resulting in the theft of personal information and subsequent release of highly sensitive client data on the dark web, which included names, addresses, birth dates, driver’s licences, passports, bank accounts and tax file numbers.
ASIC alleges FIIG’s inadequate cybersecurity measures left the business and its confidential client information vulnerable and exposed to significant risk. FIIG advised ASIC that it was contacted by the Australian Signals Directorate’s Australian Cyber Security Centre about a potential cybersecurity incident on 2 June 2023. FIIG did not investigate and respond to the incident until 8 June 2023, almost a week after it had been notified.
“This matter should serve as a wake-up call to all companies on the dangers of neglecting your cybersecurity systems,” ASIC Chair Joe Longo said in a statement. “Cybersecurity isn’t a set and forget matter. All companies need to proactively and regularly check the adequacy of their cybersecurity measures and follow the advice of the ASD’S ACSC.”
The source: ASIC media release
