• Skip to primary navigation
  • Skip to main content
Logo
Open search bar
  • About
    • Todd Cipperman
    • Why Choose Us
  • Services
    • Money Managers
    • Registered Funds
    • Private Equity
    • Broker-Dealers
    • CyberSecure - Funds
  • In The News
  • Outsourced CCO
  • Client Engagement
  • Resources
    • Helpful Information
    • Regulatory Exams
    • Executive Interviews
    • Blog
    • Podcasts & Videos
    • Best Practices
  • Contact Us

Our Take Blog

Home
Our Take Blog
Hackers Impersonated Reps to Gain Access to Client Info

Hackers Impersonated Reps to Gain Access to Client Info

 A large BD/IA agreed to pay a $1 Million fine and retain an independent compliance consultant as a result of a third-party intrusion into its customer system.  Outside hackers impersonated independent consultant registered representatives and tricked internal IT personnel to change passwords over the phone.  Although there was no unauthorized transfer of funds, the impersonators were able to access personally identifiable information of over 5000 customers.  The SEC charges the firm with violating the Safeguards Rule and with failing to implement an effective Identity Theft Prevention Program.  The SEC faults the firm for allowing outside contractors to use their own equipment, which often had security and encryption problems, and with failures to follow remote session termination procedures.

OUR TAKE:  This is the nightmare scenario for retail BD/IAs.  The desire to make life easier for the producing reps creates IT vulnerabilities exploited by bad actors.  Our recommendation is to retain an outside firm that can conduct an honest vulnerability assessment.

Back to Top
logo
480 E. Swedesford Road, Suite 220, Wayne, PA 19087
610-687-5320
LinkedIn Twitter
© 2020 Marlivia Properties LLC