It seems like every day we see reports of hacking of corporate computers, resulting in the disclosure of personal customer information.
Unfortunately, the brokerage industry is not immune from such attacks. Just yesterday the SEC sanctioned eight firms in three different actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.
The SEC’s orders against each of the firms finds that they violated Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which is designed to protect confidential customer information, as well as Section 206(4) of the Advisers Act and Rule 206(4)-7 for the firms that are RIAs, in connection with their breach notifications to clients.
Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provisions, to be censured and to pay penalties, totaling $750,000.00.
Have a securities law question? Call Sallah Astarita & Cox at 212-509-6544.