Australian Regulators Sue FIIG Securities Over Cybersecurity Failure

Australian Securities and Investments Commission (ASIC), sued bond brokers FIIG Securities. (photo: x @EpicPlain)

JAKARTA - Australia's securities supervisory authority, the Australian Securities and Investments Commission (ASIC), is suing bond brokers FIIG Securities. This is because they failed to implement adequate cybersecurity measures for four years, allowing hackers to infiltrate the company's IT network in Australia.

In a lawsuit filed on Thursday 13 March, ASIC alleges that the weakness of the FIIG security system caused the theft of about 385 gigabytes of company classified data. The incident resulted in about 18,000 clients, who have been notified that their personal information may have been leaked.

FIIG has been the target of cyberattacks from May 19 to June 8, 2023, where its entire IT network was affected. Some of the stolen data has reportedly been leaked on the dark web.

ASIC accused that from March 2019 to June 8, 2023, FIIG did not take enough steps to ensure they had an adequate cyber risk management system.

FIG Doesn't Have Strong Cyber Protection

The chairman of the ASIC, Joe Longo, emphasized that digital security and operational resilience are strategic priorities for regulators. They also continue to work with companies to increase protection standards against cyber threats.

According to ASIC, the FIIG failed to meet cybersecurity standards for not updating and patching its software adequately. The FIIG is also accused of not having enough resources to protect their system from cyberattacks.

During this period of failure, global JPMorgan lenders held assets in the name of FIG and its clients with a value ranging from 2.89 billion to USD 3.7 billion. However, JPMorgan declined to comment on the case, while FIG has not yet responded to requests for comment from the media.