The Australian Securities and Investments Commission (ASIC) has initiated legal action against FIIG Securities, a fixed-income investment specialist, citing systemic and prolonged cybersecurity failures. These failures allegedly led to the theft of confidential data belonging to approximately 18,000 clients. ASIC alleges that between March 2019 and June 8, 2023, FIIG Securities failed to implement and maintain adequate cyber risk management systems, thereby exposing sensitive customer data to unauthorized access.
The stolen data included a wide range of highly sensitive personal and financial information, such as names, addresses, dates of birth, driver’s license details, passport information, bank account numbers, and tax file numbers. The lawsuit underscores the increasing regulatory scrutiny on financial institutions regarding their cybersecurity protocols and their responsibility to protect customer data from evolving cyber threats. The outcome of this case could set a precedent for future enforcement actions related to cybersecurity breaches in the financial sector, potentially leading to stricter compliance requirements and increased investment in cyber defense measures.
