(Reuters) - The Australian securities watchdog said on Thursday it is taking fixed-income broker FIIG to court, alleging it failed to implement adequate cybersecurity measures over a four-year period, enabling a hacker to infiltrate its IT network.
The Australian Securities and Investments Commission (ASIC) claims FIIG's deficiencies resulted in the theft of approximately 385 gigabytes of confidential data. Around 18,000 clients were notified that their personal information may have been compromised.
Australian-based FIIG Securities was the target of a cyberattack that lasted from May 19, 2023, to June 8, 2023. The breach affected its entire IT network and some of the stolen client data was later released on the dark web.
"Advancing digital safety and resilience is a strategic priority for ASIC, and we have been actively engaging with companies to support the continuous improvement of cyber and operational resilience practices," said ASIC chair, Joe Longo.
During the period that ASIC alleges FIIG failed to uphold its cybersecurity obligations, banking giant JPMorgan held assets on behalf of FIIG and its clients valued between A$2.89 billion ($1.83 billion) and A$3.7 billion.
FIIG and JPMorgan did not immediately respond to Reuters' requests for comment.
According to ASIC, FIIG's alleged deficiencies included a failure to adequately update and patch its software, as well as insufficient resources to protect against and prevent cyberattacks.
($1 = 1.5815 Australian dollars)
(Reporting by Nichiket Sunil in Bengaluru; Editing by Alan Barona)