“The stolen data included highly sensitive customer information such as names, addresses, birth dates, driver’s licenses, passports, bank account details, and tax file numbers,” ASIC said in a press release.
In its complaint, ASIC accused FIIG of failing to implement basic cybersecurity measures at various times, including:
- correctly configuring and monitoring firewalls to guard against cyber-attacks
- updating and patching software and operating systems consistently and in a timely manner
- providing regular, mandatory cybersecurity awareness training to employees
- allocating insufficient human, technological, and financial resources to manage cybersecurity.
As a result of these failures, ASIC said in its court filing, “A FIIG employee inadvertently downloaded a .zip file containing malware while browsing the internet. The malware allowed a threat actor to remotely access FIIG’s network and carry out network-based lateral movement and privilege escalation.” About days later, ASIC said, “The threat actor obtained access to a privileged user account on FIIG’s network and commenced downloading FIIG’s data.”