In an Australian first, ASIC confirmed on Thursday that the Federal Court found that RI Advice did not act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks.
According to the corporate regulator, a “significant number” of cyber incidents occurred at authorised representatives of RI Advice between June 2014 and May 2020, including an incident where “an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousand clients and other persons”.
“These cyber-attacks were significant events that allowed third parties to gain unauthorised access to sensitive personal information. It is imperative for all entities, including licensees, to have adequate cybersecurity systems in place to protect against unauthorised access,” ASIC deputy chair Sarah Court said.
“ASIC strongly encourages all entities to follow the advice of the Australian Cyber Security…
