Australia: Securities and Investments Commission filed lawsuit against FIIG Securities over failure to meet cybersecurity requirements (Securities and Investments Commission v FIIG Securities Limited) (No. QUD144/2025)

On 12 March 2025, the Australian Securities and Investments Commission (ASIC) filed a lawsuit against FIIG Securities Limited at the Federal Court of Australia. The lawsuit alleged that FIIG Securities Limited failed to maintain adequate cybersecurity protections between March 2019 and June 2023. The failure resulted in the compromise of sensitive client information. Specifically, a data breach in May 2023 resulted in the theft of 385GB of client information, which was later published on the dark web. The lawsuit alleges that FIIG lacked sufficient financial, technological, and human resources to meet its obligations under its Australian Financial Services Licence (AFSL). The lawsuit seeks declarations of breach, financial penalties, and a compliance order requiring FIIG to review and enhance its cybersecurity systems.