Just as the Securities and Exchange Commission is sharpening its focus on cybersecurity breaches at broker dealers and registered investment advisors, Interactive Brokers is reporting private client information has been targeted.
In January, Interactive Brokers, which specializes in equities and options trading, "identified a business email compromise that resulted in the unauthorized access to a limited amount of consumer personal information," according to a sample letter to clients the firm filed on Thursday with Massachusetts. "The company activated its incident response protocols and implemented containment and remediation measures to ensure the security of the company’s email environment."
"Our investigation determined the following types of your information may have been impacted by this incident: your name" and another piece of unidentified information, according to the Interactive Brokers letter. "At this time, we have no evidence that your information was subject to actual or attempted misuse as a result of this incident."
It is not clear how many of the firm's clients have felt an impact of the email breach.
Broker-dealers and RIAs have to be constantly vigilant for such data break-ins.
"Sophisticated hackers for last 10 years have constantly improved their ability to breach systems, and it's up to firms to match them," said Sander Ressler, managing director, Essential Edge Compliance Outsourcing Services. "I think the industry will continue to fight that struggle in foreseeable future."
"When they get hit with a data breach, firms become susceptible to regulators' investigations, enforcement actions and lawsuits, because customer information has been compromised," said Brandon Reif, an industry attorney.
"We have notified certain clients of a limited business email compromise by an unknown malicious actor," an Interactive Brokers' spokesperson wrote in an email. "There is no evidence that any client’s information was subject to actual or attempted misuse as a result of this incident, and there is no evidence that there was any unauthorized access to any client’s account, or to any of [the firm's] systems."
In a move to modernize regulation around how certain institutions handle customers’ nonpublic personal information, the SEC this month said that it adopted critical amendments to Regulation S-P.
This move is intended to address the growing risks associated with technological advancements since the rule’s initial adoption in 2000. Under the amendments, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to meet new requirements to safeguard customer data.
Among the updates to Regulation S-P, covered institutions are mandated to establish written policies and procedures for an incident response program. This program must include measures to detect, respond to, and recover from unauthorized access to or use of customer information.
With certain limited exceptions, the new rules also require firms to notify affected individuals, or those reasonably likely to have been affected, as soon as practicable, but no later than 30 days after the institution becomes aware of a breach.
Meanwhile, Raymond James and Tritonpoint Partners separately welcomed father-son teams, including a breakaway from UBS in Missouri.
Paul Atkins has asked staff to solicit public comment on novel ETFs, pausing the clock on as many as 24 filings linked to the booming event contracts market.
From 401(k)s to retail funds, Deloitte sees private equity and credit crossing into mainstream investing on two fronts at once.
Big-name defections from Morgan Stanley, UBS, and Merrill Lynch headline a busy two weeks of recruiting for the wirehouse.
Markets have always been unpredictable. What has changed is the amount of information investors are trying to process and the growing role advisors play in helping clients avoid emotional decisions
Wellington explores how multi strategy hedge funds may enhance diversification
As technical expertise becomes increasingly commoditized, advisors who can integrate strategy, relationships, and specialized expertise into a cohesive client experience will define the next era of wealth management
