FIIG Securities isolates client-facing systems after attack

FIIG
Securities,
an
Australian
brokerage
that
has
$5
billion
“under
advice”
and
6000
private
clients,
said
that
its
IT
systems
had
been
accessed
by
“an
unauthorised
third
party”.

In
a
statement,
the
company
said
it
had
“acted
with
urgency
to
investigate
the
issue,
including
the
initiation
of
our
cyber
response
strategy
working
with
third-party
cyber
security
experts
and
isolating
affected
systems.”

“We
are
working
in
partnership
with
the
relevant
authorities
to
ensure
we
are
complying
with
all
necessary
requirements
and
to
proactively
protect
the
security
and
privacy
of
all
data
we
hold,”
the
company
said.

“This
is
of
the
utmost
priority,
and
we
take
this
very
seriously.”

FIIG
added
that
it
is
attempting
to
notify
all
stakeholders
of
the
incident
“as
quickly
as
possible”.

A
notification
letter

purportedly
sent
to
customers
indicates
that
“identification
details
and
documents
provided
to
open
and
maintain
client
accounts
with
FIIG
have
been
accessed”.

The
letter
also
notes
that
FIIG
has
taken
down
“all
client-facing
systems”,
and
that
it
would
not
re-enable
access
“until
further
notice”.

Emsisoft
threat
analyst
Brett
Callow

tweeted
that
the
ransomware
group
ALPHV,
which
is
also
known
as
BlackCat,
had
claimed
responsibility
for
the
attack.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts