Cyber Incident Victim: Commsec

In 2015, the Australian Securities & Investments Commission (ASIC) and the Australian Federal Police jointly investigated suspicious trading activity involving compromised retail accounts at E*Trade, Commsec, and the Australian Investment Exchange. The probe revealed that an unnamed Russian hacker had illegally accessed client accounts to manipulate 13 penny stocks listed on the Australian Securities Exchange during the previous year. The attacker executed trades designed to artificially inflate the targeted stocks' prices before liquidating positions to secure profits totaling $77,429 AUD. Specific trades were traced to an overseas account held with Morgan Stanley Australian Securities. ASIC publicly attributed the scheme to a single Russian actor but did not disclose technical details about the account compromises or the duration of unauthorized access.

The investigation led to an Australian court order restraining the $77,429 AUD in illicit profits, though authorities did not name the suspect or file public criminal charges at the time of reporting. ASIC confirmed the manipulation relied entirely on hacked third-party accounts rather than the attacker's own capital. No statements were provided regarding remediation steps taken by the affected brokerages or potential impacts on compromised account holders. The regulatory body emphasized the cross-border nature of the incident but did not specify whether international law enforcement agencies participated in the investigation. Financial losses appeared limited to the market manipulation profits, with no mention of additional theft from client accounts or systemic disruption to trading platforms.