ASIC sues adviser over ‘security lapses’ after hack

The corporate regulator is taking investments adviser FIIG to court over alleged cybersecurity failures that led to the theft of clients’ confidential data.

The Australian Securities and Investments Commission says the lapses exposed the fixed-income broker and its clients to “the risk of a cyber intrusion and the adverse consequences thereof to a heightened and unreasonable extent”.

“Harm suffered as a result of the conduct,” it adds in a statement to the Federal Court.

ASIC alleges security failures allowed a hacker to enter the business’ IT network on May 19 2023, resulting in the release of client data on the dark web.

“The stolen data included highly sensitive customer information, including names, addresses, birth dates, drivers’ licences, passports, bank accounts and tax file numbers,” it says.

The adviser was allegedly unaware of the intrusion until it was contacted by the Australian Signals Directorate’s Australian Cyber Security Centre on June 2 2023.

ASIC says FIIG did not investigate and respond to the incident until June 8.

“Australian financial services licensees are required by law to have adequate cybersecurity risk management systems in place,” ASIC chair Joe Longo said.

“We allege FIIG’s inadequate cybersecurity measures left the business and its confidential client information vulnerable and exposed to significant risk.”

Mr Longo says the incident “should serve as a wake-up call to all companies on the dangers of neglecting your cybersecurity systems. Cybersecurity isn’t a set and forget matter.

“Advancing digital safety and resilience is a strategic priority for ASIC, and we have been actively engaging with companies to support the continuous improvement of cyber and operational resilience practices.”

See ASIC’s statement to the court here.