ASIC takes FIIG Securities to Court for cybersecurity failures
The Australian Securities and Investments Commission (ASIC) has taken FIIG Securities Limited to Court for cybersecurity failures.
FIIG Securities Limited allegedly failed to have adequate cybersecurity measures for more than four years, according to documents filed by ASIC in the Federal Court. This enabled the theft of approximately 385GB of confidential data, with some 18,000 clients notified that their personal information may have been compromised.
ASIC alleges that, from March 2019 to 8 June 2023, FIIG failed to take the appropriate steps, as is required of an Australian Financial Services (AFS) licensee, to ensure it had adequate cyber risk management systems in place.
FIIG’s cybersecurity failures enabled a hacker to enter its IT network and go undetected from 19 May 2023 until 8 June 2023, resulting in the theft of personal information and subsequent release of client data on the dark web.
The stolen data included highly sensitive customer information, such as names, addresses, birth dates, driver’s licences, passports, bank accounts and tax file numbers.
FIIG advised ASIC that it was contacted by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) about a potential cybersecurity incident on 2 June 2023. Before this contact, FIIG was not aware that the incident had occurred.
FIIG did not investigate and respond to the incident until 8 June 2023, almost a week after it had been notified of potential malicious activity by the ASD’s ACSC.
ASIC’s allegations include FIIG’s failure to:
- have appropriately configured and monitored firewalls to protect against cyber attacks
- update and patch software and operating systems to address security vulnerabilities
- provide mandatory training to staff on cyber security awareness, and
- have adequate human, technological and financial resources to manage cyber security.
The regulator is seeking declarations of contraventions, civil penalties and compliance orders.
This is ASIC’s second cybersecurity enforcement action. In May 2022, the Federal Court ruled that AFS licensee RI Advice had breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks.