Regulator Takes Legal Action Over Four-Year Security Lapses
The Australian Securities and Investments Commission (ASIC) has sued FIIG Securities Limited for failing to implement adequate cybersecurity measures. The company’s security weaknesses allegedly persisted for more than four years, allowing hackers to steal 385GB of confidential client data.
18,000 Clients Affected by Data Breach
The breach exposed personal details of approximately 18,000 clients. The stolen information included names, addresses, birth dates, driver’s licenses, passports, bank accounts, and tax file numbers. Court documents reveal that a hacker infiltrated FIIG’s IT network on May 19, 2023. However, remained undetected until June 8, 2023.
FIIG learned about the potential breach on June 2, 2023, when the Australian Signals Directorate’s Cyber Security Centre contacted them. However, the company did not investigate the issue until June 8. ASIC argues that this delay increased the risk to affected clients.
ASIC Chair Joe Longo stressed the importance of maintaining strong cybersecurity systems. He warned that companies cannot afford to neglect digital security and must regularly update their protective measures. He also reminded Australian Financial Services (AFS) licensees of their legal obligation to manage cyber risks effectively.
Lawsuit Highlights Key Security Failures
ASIC’s lawsuit accuses FIIG of multiple security failures. The company allegedly did not configure and monitor firewalls, update software to fix vulnerabilities, or provide cybersecurity training to staff. Additionally, ASIC claims FIIG lacked the necessary financial and technological resources to manage cyber risks.
Legal Action Seeks Penalties and Compliance Orders
ASIC is seeking civil penalties, compliance orders, and a declaration that FIIG breached its obligations. This case is ASIC’s second major cybersecurity enforcement action. In 2022, the Federal Court ruled that financial services firm RI Advice failed to implement proper cybersecurity protections.
Financial Firms Urged to Prioritize Cybersecurity
FIIG provides retail and wholesale investors with access to fixed-income investments and bond financing. As an AFS licensee, it plays a critical role in safeguarding client funds and financial records. ASIC has emphasized that financial service providers must strengthen cybersecurity measures to protect customers and maintain trust in the financial system.
