Jayant Chakravarti reports:
The Australian financial regulator has filed a lawsuit against FIIG Securities, accusing the leading investment and financing company of lacking adequate cybersecurity controls to stop a threat actor from stealing confidential personal information of 18,000 customers.
The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after observing the company’s “systemic and prolonged cybersecurity failures” over a four-year period that led to the 2023 data breach.
… Between 2019 and until the breach took place, FIIG failed to appropriately configure its firewalls to protect against cyberattacks; failed to update or patch software and operating systems to address vulnerabilities; did not provide mandatory cybersecurity training to employees; and lacked human, technological and financial resources to manage cybersecurity, the commission said.
Read more at Data Breach Today.