Australia’s financial regulator has launched legal action against financial services firm Fortnum Private Wealth for allegedly exposing its clients to unacceptable cybersecurity risks.
The Australian Securities and Investments Commission (ASIC) filed proceedings against the financial advisory company in the New South Wales (NSW) Supreme Court on July 21.
ASIC claims Fortnum Private Wealth failed to have adequate policies, frameworks, systems and controls in place to deal with cybersecurity risks.
The Commission alleges these failings contributed to a number of Fortnum’s clients and authorized representatives (ARs) experiencing cyber incidents.
One incident resulted in a major breach of over 200GB of data relating to up to 9828 clients in September 2022. This confidential information was subsequently published on the dark web.
On numerous occasions, threat actor gained access to AR email accounts, which they used to send phishing emails to clients.
Most of these incidents occurred after Fortnum introduced a specific cybersecurity policy in April 2021. ASIC contends the policy was not an adequate response to manage cybersecurity risk, particularly for a financial…
