ASIC alleges FIIG’s security lapses led to massive data breach
A cyberattack on FIIG compromised the personal data of 18,000 clients, with stolen information appearing on the dark web.
The Australian Securities and Investments Commission (ASIC) has launched legal action against fixed-income broker FIIG, accusing it of failing to implement adequate cybersecurity measures over a four-year period.
The regulator claims these deficiencies allowed a hacker to infiltrate FIIG’s IT network, resulting in the theft of 385 gigabytes of confidential data.
The cyberattack, which lasted from May 19 to June 8, 2023, compromised the personal information of around 18,000 clients, some of which later appeared on the dark web.
ASIC alleges that between March 2019 and June 2023, FIIG did not take necessary steps to maintain proper cyber risk management, including failing to update its software and allocate sufficient resources to prevent attacks.
ASIC Chair Joe Longo emphasised the importance of cybersecurity resilience as a regulatory priority, stating that the agency has been actively engaging with companies operating in Australia to strengthen digital safety.
During the period in question, JPMorgan held assets valued between A$2.89 billion ($1.83 billion) and A$3.7 billion on behalf of FIIG and its clients. JPMorgan declined to comment, while FIIG has yet to respond to the allegations.
For more information on these topics, visit diplomacy.edu.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.