Bond broker FIIG Securities has been hit by a cyber attack, with the firm telling clients their personal information – including bank details and tax file numbers – had been compromised.
The Australian Capital Territory government has revealed that its computer system may have been exposed to hackers from October until just days ago.
The government admits private information of the territory’s citizens could have been leaked.
In an email on Sunday, FIIG told clients that “an unauthorised third party acted illegally to access our IT systems” gaining access to the personal information of clients including names, addresses, and tax file numbers, as well as their driver’s licence, passport and bank account details.
“Following our initial investigations, we understand that personal information, including the identification details and documents provided to open and maintain client accounts with FIIG have been accessed,” the email says.
Touted as Australia’s largest fixed income specialist with more than 6000 clients and about $5bn in funds under advice on its LinkedIn profile, FIIG clients include wealthy private investors, advisers, not-for-profit organisations and institutions.
It has more than 100 staff in offices in Brisbane, Sydney, Melbourne and Perth.
The firm had to “take all client-facing systems offline” to conduct further investigations. “You will not be able to access MyFIIG until further notice,” the email says. “We have acted with urgency to investigate the issue, including the initiation of our cyber response strategy, working with third-party cyber security experts and isolating affected systems.”
A spokeswoman confirmed the cyber attack without saying when it occurred.
“We are working in partnership with the relevant authorities to ensure we are complying with all necessary requirements and to proactively protect the security and privacy of all data we hold,” she said in a statement.
“This is of the utmost priority … FIIG takes the responsible management of personal information seriously and is reviewing the incident closely.”
She said clients would be provided with updates as they became available.
In the email, FIIG urges clients to monitor bank accounts for any unusual activity, be cautious about phishing texts, emails or phone calls, and suggests they replace their driver’s licence and passport.
“Out of precaution you may wish to replace your driver’s licence or passport if you have not already renewed or replaced it since initially providing us with those details,” the email says.
“We recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. This is especially relevant if you have also been impacted by other cyber incidents where a broader amount of personal information has been compromised.”
It is the latest in a string of attacks that have targeted the personal information of customers of Australian companies, including a massive data breach at non-bank lender Latitude Financial where some 14 million records were stolen, including driver‘s licence and passport numbers.