19 October 2017

SEC fines broker-dealer $100,000 over computer security failures

20 October 2009

US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm's Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.

According to an SEC cease and desist order - first published by ZDNet - an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.

Some time later that month, the intruder used the login credentials to enter Commonwealth's Intranet site and view information on how to execute trades.

Approximately a week later, the intruder used the same details to enter the trading platform before running a search query for the Commonwealth registered representative's customer accounts with cash balances in excess of a certain amount, generating a list of 368 accounts.

By doing so, the intruder had access to the account name, account number, account registration type, account net worth, cash balance, and the last four digits of the account owner's Social Security number for all 368 accounts.

The same day, the intruder placed, or attempted to place, eighteen unauthorised purchase orders for the common stock of one publicly-traded company in eight of the 368 customer accounts identified, totalling over $523,000 of purchases.

The SEC says Commonwealth's clearing broker-dealer detected the move within ten minutes and the intruder was blocked from further trading. The firm immediately cancelled the purchases and transferred them into its error account, absorbing a net loss of approximately $8000, and reported the incident to the Commission staff. It also notified the owners of the 368 accounts.

However, the SEC says Commonwealth was in violation of rules requiring broker-dealers to adopt written policies and procedures "reasonably designed to protect customer information".

Commonwealth recommended that representatives install anti-virus software on computers used to access account information on the company's Intranet and trading platform, but did not require it.

"As a result, Commonwealth's customer information was left vulnerable to unauthorised access," says the SEC.

In addition, the firm failed to put in place procedures to adequately review its registered representatives' computer security measures. In particular, internal auditors did not audit branch office computers to determine whether anti-virus software was installed, or have procedures in place to follow up problems.

The SEC has censured Commonwealth and the company has been told to pay a civil penalty of $100,000 to the US Treasury.
