SEC Sanctions Eight Firms Over Deficient Cybersecurity Procedures
The United States Securities and Exchange Commission (SEC) has charged eight companies with cybersecurity failures that led to the exposure of personal information.
Sanctions against the firms were announced on Monday in the form of three actions against Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera Entities); Cambridge Investment Research Inc. and Cambridge Investment Research Advisors Inc. (collectively, Cambridge); and KMS Financial Services Inc. (KMS).
In a statement released August 30, the SEC said: “The Securities and Exchange Commission today sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.”
All the accused firms were Commission-registered as investment advisory firms, broker dealers, or both. They have all entered into agreements with the SEC to settle the charges laid against them.
An SEC investigation into the cybersecurity of Cetera Entities found that between November 2017 and June 2020, the personally identifying information (PII) of at least 4,388 customers and clients was exposed after the cloud-based email accounts of more than 60 personnel of Cetera Entities were taken over by unauthorized third parties.
Between January 2018 and July 2021, takeovers of 121 email accounts belonging to Cambridge representatives caused the PII of at least 2,177 Cambridge customers and clients to be exposed. At KMS, between September 2018 and December 2019, 15 financial advisers or their assistants had their email accounts taken over by unauthorized third parties, resulting in the PII exposure of approximately 4,900 KMS customers and clients.
The SEC found that KMS and Cambridge “failed to adopt written policies and procedures requiring additional firm-wide security measures” until August 2020 and 2021, respectively.
“It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit.
Cetera Entities will pay a $300,000 penalty, KMS will pay $200,000, and Cambridge will pay $250,000.