Finra: Lincoln Financial gave workers shared passwords for clients’ accounts
Finra claims that Lincoln Financial gave workers shared passwords for clients' accounts. All told, the regulator says more than 1 million records were viewed over a seven-year period.
Lincoln Financial Securities Corp. and Lincoln Financial Advisors Corp. were fined $600,000 by regulators for failing to protect confidential client information, including Social Security numbers, account numbers and balances.
The Financial Industry Regulatory Authority Inc. said Lincoln allowed employees to access client account records from their personal computers using shared user names and passwords. The company also failed to require its brokers who work remotely to download security software on computers that were used to conduct firm business.
Using shared login information, Lincoln employees could access customer account records from 2002 through 2009 through any Internet browser, according to Finra. During those seven years, more than 1 million customer records were viewed through the shared logins.
It’s unclear which employees had access to those records, because the firm didn’t monitor distribution of the shared names and passwords, the regulator said. Additionally, the passwords were never changed even after employees left the firm, so those former workers could continue to access the private client information, Finra said.
“Non-public personal information was not properly safeguarded and was at risk due to a lack of supervision and control” over the firm’s computer system access, Finra said in the consent agreement with Lincoln Financial Securities.
Lincoln said the firms believe that no “client information has been acquired or misused by any unauthorized person,” Lincoln Financial Group spokeswoman Ayele Ajavon said.
When the firm found out about the “data vulnerabilities,” it strengthened its information security policies and procedures across its computer systems, she said. The companies also voluntarily notified all customers whose account information was accessed or potentially had been exposed, and offered them credit monitoring and restoration services for a year.
The companies neither admit nor deny the allegations outlined in the consent agreement.
Lincoln Financial Securities was fined $450,000 and Lincoln Financial Advisors was fined $150,000. Both are units of Lincoln National Corp.
Learn more about reprints and licensing for this article.
