Cloud Security, Compliance Management

Brokerage firms fined by SEC over email breach

The U.S. Securities and Exchange Commission has imposed fines totaling $750,000 on eight entities under brokerage firms Cetera, Cambridge Investment Research and KMS Financial Services over malicious attacks on their employees’ email accounts that exposed personally identifiable information belonging to thousands of the firms’ clients, TechCrunch reported.

The fines were a consequence of the companies’ failure to implement proper cybersecurity policies and procedures to prevent unauthorized access to their cloud-based worker email accounts, the SEC said in a press release.

The SEC said Cetera’s case involved threat actors infiltrating the cloud email accounts of more than 60 staff for more than three years, leading to the exposure of more than 4,388 personal customer information, adding that it found none of the breached accounts with protections required under the company’s policies.

The orders against Cambridge and KMS likewise stated that the companies failed to adopt and implement additional firm-wide cybersecurity practices for years after the first account takeovers were discovered.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.