Data Breach Today reports that Australia’s financial regulator has filed a lawsuit against FIIG Securities over cybersecurity failures that enabled a threat actor to steal confidential personal information of 18,000 customers:
The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after observing the company’s “systemic and prolonged cybersecurity failures” over a four-year period that led to the 2023 data breach.
“This matter should serve as a wake-up call to all companies on the dangers of neglecting your cybersecurity systems,” said Joe Longo, chairman of the Australian Securities and Investments Commission. “Cybersecurity isn’t a set and forget matter. All companies need to proactively and regularly check the adequacy of their cybersecurity measures.”
Between 2019 and until the breach took place, FIIG failed to appropriately configure its firewalls to protect against cyberattacks; failed to update or patch software and operating systems to address vulnerabilities; did not provide mandatory cybersecurity training to employees; and lacked human, technological and financial resources to manage cybersecurity, the commission said.
Threat actors breached FIIG’s network in June 2023 and stole approximately 385GB of confidential data, including clients’ names, addresses, birth dates, driver’s licenses, passports, bank accounts and tax file numbers.
Read more at Data Breach Today.
