The Australian securities watchdog said on Thursday it is taking fixed-income broker FIIG to court, alleging it failed to implement adequate cybersecurity measures over a four-year period, which enabled a hacker to infiltrate its IT network.
The Australian Securities and Investments Commission (ASIC) claimed these deficiencies resulted in the theft of approximately 385 gigabytes of confidential data at the company.
Around 18,000 clients were notified that their personal information may have been compromised.
The Australian firm was the target of a cyberattack that lasted from May 19 to June 8, 2023. The breach affected its entire IT network and some of the stolen client data was later released on the dark web.
ASIC alleged that between March 2019 and 8 June 2023, FIIG failed to take appropriate steps to make sure it had adequate cyber risk management systems in place.
“Advancing digital safety and resilience is a strategic priority for ASIC, and we have been actively engaging with companies to support the continuous improvement of cyber and operational resilience practices,” said ASIC Chair Joe Longo.
During the four-year period that ASIC alleged FIIG failed to uphold its cybersecurity obligations, lender JPMorgan held assets on behalf of FIIG and its clients, valued between A$2.89 billion ($1.83 billion) and A$3.7 billion.
JPMorgan declined to comment to a Reuters’ request for comment, while FIIG did not respond.
According to ASIC, FIIG’s alleged deficiencies included a failure to adequately update and patch its software as well as insufficient resources to protect against and prevent cyberattacks.
($1 = 1.5815 Australian dollars)
(Reporting by John Biju and Nichiket Sunil in Bengaluru; editing by Alan Barona)
