
SEC fines broker-dealer $100,000 over computer security failures

20 October 2009

US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm's Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.

According to an SEC cease and desist order - first published by ZDNet - an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.

Some time later that month, the intruder used the login credentials to enter Commonwealth's Intranet site and view information on how to execute trades.

Approximately a week later, the intruder used the same details to enter the trading platform before running a search query for the Commonwealth registered representative's customer accounts with cash balances in excess of a certain amount, generating a list of 368 accounts.

By doing so, the intruder had access to the account name, account number, account registration type, account net worth, cash balance, and the last four digits of the account owner's Social Security number for all 368 accounts.

The same day, the intruder placed, or attempted to place, eighteen unauthorised purchase orders for the common stock of one publicly-traded company in eight of the 368 customer accounts identified, totalling over $523,000 of purchases.

The SEC says Commonwealth's clearing broker-dealer detected the move within ten minutes and the intruder was blocked from further trading. The firm immediately cancelled the purchases and transferred them into its error account, absorbing a net loss of approximately $8000, and reported the incident to the Commission staff. It also notified the owners of the 368 accounts.

However, the SEC says Commonwealth was in violation of rules requiring broker-dealers to adopt written policies and procedures "reasonably designed to protect customer information".

Commonwealth recommended that representatives install anti-virus software on computers used to access account information on the company's Intranet and trading platform, but did not require it.

"As a result, Commonwealth's customer information was left vulnerable to unauthorised access," says the SEC.

In addition, the firm failed to put in place procedures to adequately review its registered representatives' computer security measures. In particular, internal auditors did not audit branch office computers to determine whether anti-virus software was installed, or have procedures in place to follow up problems.

The SEC has censured Commonwealth and the company has been told to pay a civil penalty of $100,000 to the US Treasury.
