The United States’ Securities and Exchange Commission (SEC) has levied fines totalling $750,000 (€636,000) on eight broker-dealers and/or investment advisors after personally identifying information of around 11,500 clients was exposed.
In each case cloud-based company email accounts were taken over by unauthorised third parties, resulting in the data being exposed for varying lengths of time between November 2017 and July this year.
“Investment advisers and broker-dealers must fulfil their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC enforcement division’s cyber unit.
“It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”
The companies concerned have agreed to settle with the SEC. They are: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services.
The Cetera entities will pay a $300,000 penalty, Cambridge $250,000 and KMS $200,000.
PrivSec Global is back for another 2 information-packed days, featuring a series of brand new topics and themes.