Australian Watchdog Sues FIIG Over Cybersecurity Failures Leading to Major Data Breach
The Australian Securities and Investments Commission (ASIC) has filed a lawsuit against fixed-income broker FIIG, accusing the company of inadequate cybersecurity practices over a four-year period, which allowed a hacker to breach its IT network.
According to ASIC, these security lapses led to the theft of approximately 385 gigabytes of confidential data, impacting around 18,000 clients who were later informed that their personal information may have been compromised.
The cyberattack, which took place between May 19 and June 8, 2023, affected FIIG’s entire IT infrastructure, with some of the stolen data surfacing on the dark web. ASIC alleges that from March 2019 to June 2023, FIIG failed to implement sufficient cyber risk management measures to prevent such an attack.
"Enhancing digital security and resilience is a key priority for ASIC, and we continue to engage with companies to strengthen their cybersecurity practices," said ASIC Chair Joe Longo.
During the period in question, global financial giant JPMorgan held assets for FIIG and its clients, valued between A$2.89 billion ($1.83 billion) and A$3.7 billion. JPMorgan declined to comment on the matter, while FIIG has yet to respond.
ASIC’s allegations highlight several security shortcomings at FIIG, including failure to update and patch software regularly and a lack of adequate resources to defend against cyber threats.
