Briefing

Data breach

FIIG Securities to pay $2.5m penalty for cyber security failure

The news: The Federal Court has ordered FIIG Securities to pay $2.5 million in pecuniary penalties over cyber security failures.

The penalty is a first for cyber security failures under the Australian Financial Services licence (AFSL) obligations.

The numbers: In 2023, a cyber attack saw 385 gigabytes of information stolen and leaked onto the dark web, including driver’s licences, passport information, bank account details and tax file numbers.

At the time, FIIG notified around 18,000 clients that their personal information may have been compromised.

The Federal Court also ordered FIIG to pay $500,000 towards the Australian Securities and Investments Commission’s legal costs.

The context: FIIG admitted it failed to comply with its AFSL obligations and that adequate cyber security measures would have enabled it to detect and respond to the data breach sooner.

It also admitted it would have detected the breach and prevented some or all of its clients’ information from being breached if it had complied with its own policy and procedures.

What they said: ASIC deputy chair Sarah Court said: “This is the first time the Federal Court has imposed civil penalties for cyber security failures under the general AFS licensee obligations, setting a clear licence-to-operate expectation for robust cyber resilience”.

The source: ASIC media release


By Jassmyn Goh