“The stolen info included extremely delicate buyer knowledge akin to names, addresses, start dates, driver’s licenses, passports, checking account particulars, and tax file numbers,” ASIC stated in an announcement.
In its grievance, ASIC accused FIIG of failing to implement fundamental cybersecurity measures at varied occasions, together with:
- correctly configuring and monitoring firewalls to guard in opposition to cyber-attacks
- updating and patching software program and working techniques constantly and in a well timed method
- offering common, obligatory cybersecurity consciousness coaching to workers
- allocating insufficient human, technological, and monetary sources to handle cybersecurity.
On account of these failures, ASIC stated in its court docket submitting, “A FIIG worker inadvertently downloaded a .zip file containing malware while searching the Web. The malware allowed a menace actor to remotely entry FIIG’s community and carry out network-based lateral motion and privilege escalation.” About days later, ASIC stated, “The menace actor obtained entry to a privileged consumer account on FIIG’s community and started downloading FIIG’s knowledge.”
