One of Lincoln Financial Network's independent broker-dealers was fined $650,000 by the Financial Industry Regulatory Authority Inc. for failing to reasonably safeguard confidential customer data and exposing thousands of clients' records to foreign hackers.
Finra also found that the firm, Lincoln Financial Securities Corp., failed to reasonably retain reports of client account information and assets, known as consolidated reports in the industry.
From at least 2011 to 2015, Lincoln Financial Securities failed to maintain and enforce a supervisory system reasonably designed to ensure the security of confidential customer information stored on electronic systems at the firm's branch offices, according to the Finra settlement released Monday.
For example, “hackers with foreign internet protocol addresses were able to access a cloud server” at a branch of the firm, “exposing the confidential records and information of approximately 5,400 customers,” according to the settlement.
And from the end of 2010 through the end of 2013, the firm failed to maintain and enforce a supervisory system reasonably designed to ensure the preservation, retention and review of consolidated reports produced by registered representatives and provided to clients, according to the settlement.
As part of the settlement, the firm neither admitted nor denied the allegations, noted spokesman Michael Arcaro.
“We are unaware of any misuse of customer information or harm to customers related to these issues,” he said. “Protecting our customers is of utmost importance to us, and we have enhanced, and are in the process of further enhancing, the firm's supervisory processes and procedures.”
According to the most recent survey of independent broker-dealers by InvestmentNews, Lincoln Financial Network at the end of last year had 8,523 producing reps and total revenues of $854.6 million. Lincoln Financial Securities has more than 1,100 advisers.
In the settlement, Finra noted that Lincoln Financial Securities in 2011 had similar problems with failing to establish adequate procedures to protect confidential customer information that was stored on its web-based electronic portfolio management system, along with other security-related violations. The firm at the time entered into a settlement that neither admitted nor denied Finra's findings and agreed to a $450,000 fine.