The Australian Securities and Investments Commission (ASIC) has launched legal action against fixed-income broker FIIG, accusing it of failing to implement adequate cybersecurity measures over a four-year period.

The regulator claims these deficiencies allowed a hacker to infiltrate FIIG's IT network, resulting in the theft of 385 gigabytes of confidential data.

The cyberattack, which lasted from May 19 to June 8, 2023, compromised the personal information of around 18,000 clients, some of which later appeared on the dark web.

ASIC alleges that between March 2019 and June 2023, FIIG did not take necessary steps to maintain proper cyber risk management, including failing to update its software and allocate sufficient resources to prevent attacks.

ASIC Chair Joe Longo emphasised the importance of cybersecurity resilience as a regulatory priority, stating that the agency has been actively engaging with companies operating in Australia to strengthen digital safety.

During the period in question, JPMorgan held assets valued between A$2.89 billion ($1.83 billion) and A$3.7 billion on behalf of FIIG and its clients. JPMorgan declined to comment, while FIIG has yet to respond to the allegations.