The Australian Securities and Investments Commission (ASIC) is taking financial advice company RI Group to the Federal Court for failing to maintain a “reasonable standard” of cyber security.
In its court filings, ASIC alleges that RI Group didn’t do enough to ensure its representatives secured the sensitive personal and financial information of their clients, citing multiple incidents in which poor cyber risk management resulted in data breaches and fraud attempts.
Between December 2016 and May 2018 – while RI Group was still owned by ANZ bank – one of the group’s financial advisors was hit by ransomware and two were hacked through remote access ports.
In one instance, a malicious actor logged 155 hours of activity on the server of an RI Group trustee, the Frontier Trust, accessing personal data and identification documents.
It took three months before anybody noticed.
Then three of the Frontier Trust’s clients reported attempted identity theft including “a mail redirection application being lodged with Australia Post and multiple bank accounts being opened without their consent”.
Another three months later and 27 of the Frontier Trust’s came forward…
