FIIG Securities, an Australian brokerage that has $5 billion “under advice” and 6000 private clients, said that its IT systems had been accessed by “an unauthorised third party”.
In a statement, the company said it had “acted with urgency to investigate the issue, including the initiation of our cyber response strategy working with third-party cyber security experts and isolating affected systems.”
“We are working in partnership with the relevant authorities to ensure we are complying with all necessary requirements and to proactively protect the security and privacy of all data we hold,” the company said.
“This is of the utmost priority, and we take this very seriously.”
FIIG added that it is attempting to notify all stakeholders of the incident “as quickly as possible”.
A notification letter purportedly sent to customers indicates that “identification details and documents provided to open and maintain client accounts with FIIG have been accessed”.
The letter also notes that FIIG has taken down “all client-facing systems”, and that it would not re-enable access “until further notice”.
Emsisoft threat analyst Brett Callow tweeted that the ransomware group ALPHV, which is also known as BlackCat, had claimed responsibility for the attack.