Interactive Brokers latest B-D to report data breach

Interactive Brokers latest B-D to report data breach
'Sophisticated hackers for last 10 years have constantly improved their ability to breach systems,' compliance consultant says.
MAY 21, 2024

Just as the Securities and Exchange Commission is sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors, Interactive Brokers is reporting private client information has been targeted.

In January, Interactive Brokers, which specializes in equities and options trading, "identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information," according to a sample letter to clients the firm filed on Thursday with Massachusetts. "The company activated its incident response protocols and implemented containment and remediation measures to ensure the security of the company’s email environment."

"Our investigation determined the following types of your information may have been impacted by this incident: your name" and another piece of unidentified information, according to the Interactive Brokers letter. "At this time, we have no evidence that your information was subject to actual or attempted misuse as a result of this incident."

It is not clear how many of the firm's clients have felt an impact of the email breach.

Broker-dealers and RIAs have to be constantly vigilant for such data break-ins.

"Sophisticated hackers for last 10 years have constantly improved their ability to breach systems, and it's up to firms to match them," said Sander Ressler, managing director, Essential Edge Compliance Outsourcing Services. "I think the industry will continue to fight that struggle in foreseeable future."

"When they get hit with a data breach, firms become susceptible to regulators' investigations, enforcement actions and lawsuits, because customer information has been compromised," said Brandon Reif, an industry attorney.

"We have notified certain clients of a limited business email compromise by an unknown malicious actor," an Interactive Brokers' spokesperson wrote in an email. "There is no evidence that any client’s information was subject to actual or attempted misuse as a result of this incident, and there is no evidence that there was any unauthorized access to any client’s account, or to any of [the firm's] systems."

In a move to modernize regulation around how certain institutions handle customers’ nonpublic personal information, the SEC this month said that it adopted critical amendments to Regulation S-P.

This move is intended to address the growing risks associated with technological advancements since the rule’s initial adoption in 2000. Under the amendments, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to meet new requirements to safeguard customer data.

Among the updates to Regulation S-P, covered institutions are mandated to establish written policies and procedures for an incident response program. This program must include measures to detect, respond to, and recover from unauthorized access to or use of customer information.

With certain limited exceptions, the new rules also require firms to notify affected individuals, or those reasonably likely to have been affected, as soon as practicable, but no later than 30 days after the institution becomes aware of a breach.

IN DEI editorial board: How DEI can help grow your business

Latest News

Merrill lands four advisor teams as May recruiting data shows firm's two-way churn
Merrill lands four advisor teams as May recruiting data shows firm's two-way churn

Merrill's latest hires span Colorado to Louisiana, even as industry-wide recruiting data suggests the firm is losing almost as many advisors as it gains.

Fund manager sues Kandeo, alleges $100 million FinSocial loss
Fund manager sues Kandeo, alleges $100 million FinSocial loss

The $36 million buy allegedly hid inflated books and a $50 million diversion.

Advisor gets $200,000 from Ameriprise in 'emotional distress' lawsuit
Advisor gets $200,000 from Ameriprise in 'emotional distress' lawsuit

“An award citing emotional distress is very unusual,” an industry executive said.

Workplace financial education linked to stronger financial habits, but participation remains low
Workplace financial education linked to stronger financial habits, but participation remains low

New EBRI research found workers who participated in employer financial education reported higher confidence, literacy and financial satisfaction.

The rise of the super advisor: How AI is redefining competitive advantage in wealth management
The rise of the super advisor: How AI is redefining competitive advantage in wealth management

Beyond operational excellence, the winning advisors of the future are the ones who can reach across multiple disciplines without discarding specialist skills.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income