Australia: Federal Court issued ruling in Australian Securities and Investments Commission lawsuit against FIIG Securities Limited over failure to meet cybersecurity requirements

On 13 February 2026, the Federal Court of Australia ordered FIIG Securities Limited (FIIG) to pay a pecuniary penalty of AUD 2'500'000 for contravening its Australian Financial Services licence obligations under section 912A of the Corporations Act 2001 (Cth) between 13 March 2019 and 8 June 2023. The Court found that FIIG failed to maintain adequate technological, human, and financial resources, as well as appropriate risk management systems, to manage cybersecurity risks. These deficiencies were identified in the context of a May 2023 cyberattack in which approximately 385 gigabytes of sensitive client data, including identification and financial information, were accessed and later partially published online, affecting around 18'000 clients. In addition to the penalty, the Court ordered FIIG to pay AUD 500'000 towards ASIC’s costs and to implement a compliance programme overseen by an independent expert.