Firm Fined Because Hackers Obtained Customer Information
FINRA fined a broker-dealer $375,000 because a hacker accessed customer information housed on its server. FINRA alleges that the BD had received recommendations about information security from a third-party security consulting firm but failed to implement an intrusion detection system, although the firm did implement several other recommendations. According to FINRA, the hackers used a SQL injection mechanism to extract data. After the perps tried to blackmail the firm, federal law enforcement was informed, and several of the hackers were ultimately extradited from Eastern Europe.
OUR TAKE: The regulators have imposed what amounts to a strict liability standard on firms when it comes to information security. In other words, if confidential customer information becomes exposed, the firm will likely be liable, regardless of the actions taken. Management must address this issue.