SEC nails advisory firm for cybersecurity failure before data breach

Firm pays $75,000 to settle charges after approximately 100,000 data records compromised as a result of hack

Sep 22, 2015 @ 5:19 pm

By Alessandra Malito

An investment advisory firm has agreed to pay $75,000 to settle SEC charges that it failed to have a cybersecurity policy in place before a computer breach compromised 100,000 individuals' personal information, including records of some of the firm's clients.

The firm, R.T. Jones Capital Equities Management in St. Louis, also agreed to be censured.

Between September 2009 and July 2013, the firm stored sensitive personal information of its clients and others on a third party-hosted web server, according to a news release from the Securities and Exchange Commission. In July 2013, the web server was breached by an unknown hacker from China who gained access to the data. Though the firm has not received any indication of a client suffering as a result of the breach, it had risked all of its sensitive data, the SEC said.

The firm never adopted written policies and procedures, something the agency has pushed for since April. It did not conduct periodic risk assessments, implement a firewall, encrypt its personally-identifiable information or maintain a response plan for any incidents either. When the breach occurred, it contacted all involved and offered free identity theft monitoring through a third-party vendor.

R.T. Jones Capital Equities Management did not respond to a request comment.

"It is another testament to the fact that every firm should have a set of documented policies and procedures in line with the SEC and Finra mandates," said Sid Yenamandra, chief executive of Entreda, a cybersecurity and risk-management company, referring to the case. "You'd be amazed how many firms don't do it."

Eugene Goldman, a senior member of law firm McDermott Will & Emery and a former SEC prosecutor, said more cases are likely.

"This is the start of a series of similar actions that will be brought this year and next," Mr. Goldman said. "Further enforcement actions may be derived from deficiencies detected from the SEC's inspections of advisers."

The SEC declined to comment.

Mr. Goldman added that there is "the potential seriousness of the consequences of not having these policies and procedures, particularly the risk of not protecting clients from the hackers of personal information."

It also lessens investor confidence, he said.

Marshall S. Sprung, co-chief of the SEC enforcement division's asset management unit, said in the news release that the regulator will continue to enforce its safeguarding rules, whether or not there is clear financial harm to clients.

"Every time a breach event like this happens, you'll see the SEC publicize it more," Mr. Yenamandra said. "They're trying to make it an example."

The case puts a spotlight on the SEC's mission to enforce more serious cybersecurity regulation.

In a guidance update, the commission's division of investment management said advisers must not only provide written policies and procedures, but occasionally check the data it collects as well as the vulnerabilities of its systems and security. The Financial Industry Regulatory Authority Inc. has also been pushing for better cybersecurity processes by ramping up its random audits.

0
Comments

What do you think?

View comments

Recommended for you

Featured video

Events

Cybersecurity: Fears and opportunities for every adviser

Phishing schemes and financial hoaxes put advisers and their clients in the line of fire everyday. Joel Bruckenstein, the godfather of FinTech, offers some solutions for every firm.

Latest news & opinion

Meet our 2017 Women to Watch

Introducing 20 female financial advisers and industry executives who are distinguished leaders, advancing the business of providing advice through their creativity and hard work.

Raymond James executives call on industry to keep broker protocol

Also ask firms to pay for the administration of the protocol to 'ensure its longevity and relevance.'

Senate committee approves tax plan but full passage not assured

Several Republican senators expressed reservations about the bill, and the GOP cannot afford too many defections.

House passes tax bill, focus turns to Senate

Tax reform legislation expected to have more of a challenge in upper chamber.

SEC enforcement of advisers drops in Trump era

The agency pursued 82 cases against advisers and firms in fiscal year 2017, down from 98 the previous year.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print