Just as the Securities and Exchange Commission is sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors, Interactive Brokers is reporting private client information has been targeted.
In January, Interactive Brokers, which specializes in equities and options trading, "identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information," according to a sample letter to clients the firm filed on Thursday with Massachusetts. "The company activated its incident response protocols and implemented containment and remediation measures to ensure the security of the company’s email environment."
"Our investigation determined the following types of your information may have been impacted by this incident: your name" and another piece of unidentified information, according to the Interactive Brokers letter. "At this time, we have no evidence that your information was subject to actual or attempted misuse as a result of this incident."
It is not clear how many of the firm's clients have felt an impact of the email breach.
Broker-dealers and RIAs have to be constantly vigilant for such data break-ins.
"Sophisticated hackers for last 10 years have constantly improved their ability to breach systems, and it's up to firms to match them," said Sander Ressler, managing director, Essential Edge Compliance Outsourcing Services. "I think the industry will continue to fight that struggle in foreseeable future."
"When they get hit with a data breach, firms become susceptible to regulators' investigations, enforcement actions and lawsuits, because customer information has been compromised," said Brandon Reif, an industry attorney.
"We have notified certain clients of a limited business email compromise by an unknown malicious actor," an Interactive Brokers' spokesperson wrote in an email. "There is no evidence that any client’s information was subject to actual or attempted misuse as a result of this incident, and there is no evidence that there was any unauthorized access to any client’s account, or to any of [the firm's] systems."
In a move to modernize regulation around how certain institutions handle customers’ nonpublic personal information, the SEC this month said that it adopted critical amendments to Regulation S-P.
This move is intended to address the growing risks associated with technological advancements since the rule’s initial adoption in 2000. Under the amendments, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to meet new requirements to safeguard customer data.
Among the updates to Regulation S-P, covered institutions are mandated to establish written policies and procedures for an incident response program. This program must include measures to detect, respond to, and recover from unauthorized access to or use of customer information.
With certain limited exceptions, the new rules also require firms to notify affected individuals, or those reasonably likely to have been affected, as soon as practicable, but no later than 30 days after the institution becomes aware of a breach.
MyVest and Vestmark have also unveiled strategic partnerships aimed at helping advisors and RIAs bring personalization to more clients.
Wealth management unit sees inflows of $23 billion.
Deal will give US investment bank a foothold in lucrative European market.
New report examines the impact that the initiative has had on philanthropy.
Few feel confident that they will meet their retirement goals.
Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.
