Australia Sues FIIG Investment Firm in Cyber Wake-Up Call
The Australian financial regulator has filed a lawsuit against FIIG Securities, accusing the leading investment and financing company of lacking adequate cybersecurity controls to stop a threat actor from stealing confidential personal information of 18,000 customers.

The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after observing the company's "systemic and prolonged cybersecurity failures" over a four-year period that led to the 2023 data breach.

"This matter should serve as a wake-up call to all companies on the dangers of neglecting your cybersecurity systems," said Joe Longo, chairman of the Australian Securities and Investments Commission. "Cybersecurity isn't a set and forget matter. All companies need to proactively and regularly check the adequacy of their cybersecurity measures."

From 2019 until the breach took place, FIIG failed to appropriately configure its firewalls to protect against cyberattacks, failed to update or patch software and operating systems to address vulnerabilities, did not provide mandatory cybersecurity training to employees, and lacked human, technological and financial resources to manage cybersecurity, the commission said.

Threat actors breached FIIG's network in June 2023 and stole approximately 385GB of confidential data, including clients' names, addresses, birth dates, driver's licenses, passports, bank accounts and tax file numbers.

The investment and financing company, which has more than 288 billion in funds under management and caters to more than 6000 Australian investors, did not know about the breach of customer records until the Australian Cyber Security Centre warned it about potential malicious activity. FIIG took more than six days after the warning to investigate and respond to the incident, regulators said.

At that time, FIIG said it acted with urgency after it learned about the cyber incident and took its IT systems and client-facing portals offline, isolating affected systems, and worked with third-party cybersecurity experts to investigate the incident.

"We have acted with urgency to investigate and contain the incident to protect the security and privacy of the data we hold," the company said in 2023. "This includes the initiation of our cyber response strategy, working with third-party cybersecurity experts and isolating affected systems."

The financial regulator alleged in its lawsuit, filed Wednesday, that FIIG was solely responsible for the cybersecurity incident because it failed to put in place necessary cybersecurity measures or skilled personnel to comply with its legal obligations to protect data. Regulators said FIIG violated the Corporations Act, which requires organizations with an Australian Financial Services License to maintain adequate risk management systems.

FIIG Securities isn't the first Australian company to be hit by a lawsuit for cybersecurity failings. The commission successfully sued financial services firm RI Advice in May 2022 over significant cybersecurity failures that allowed threat actors to mount multiple cyberattacks against its authorized representatives between 2014 and 2020. These attacks compromised confidential and sensitive personal information of several thousand clients and others.

The Federal Court ordered RI Advice to pay approximately 480,000 for ASIC's costs and directed the company to engage a cybersecurity expert to identify and implement adequate cybersecurity measures to address risks across its authorized representative network.

ASIC also urged organizations to prioritize cybersecurity after a 2023 survey found that one-third of Australian financial organizations did not have a cyber incident response plan, about 60% had limited or no capacity to protect confidential information adequately, and 44% did not manage third-party or supply chain risks.

The financial regulator said cyber risk management and operational resilience are among its top priorities for the year, to make banks, insurers and superannuation trustees more resilient to cyberattacks (see: Australian Banks, Insurers Must Perform Security Assessments).

The Australian Prudential Regulation Authority said it will take a proportionate response and may intensify supervision, require root cause analysis, request remediation plans and consider enforcement action against companies that are found to have significant cybersecurity vulnerabilities.

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.