18 December 2017

SEC fines broker-dealer $100,000 over computer security failures

20 October 2009

US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm's Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.

According to an SEC cease and desist order - first published by ZDNet - an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.

Some time later that month, the intruder used the login credentials to enter Commonwealth's Intranet site and view information on how to execute trades.

Approximately a week later, the intruder used the same details to enter the trading platform before running a search query for the Commonwealth registered representative's customer accounts with cash balances in excess of a certain amount, generating a list of 368 accounts.

By doing so, the intruder had access to the account name, account number, account registration type, account net worth, cash balance, and the last four digits of the account owner's Social Security number for all 368 accounts.

The same day, the intruder placed, or attempted to place, eighteen unauthorised purchase orders for the common stock of one publicly-traded company in eight of the 368 customer accounts identified, totalling over $523,000 of purchases.

The SEC says Commonwealth's clearing broker-dealer detected the move within ten minutes and the intruder was blocked from further trading. The firm immediately cancelled the purchases and transferred them into its error account, absorbing a net loss of approximately $8000, and reported the incident to the Commission staff. It also notified the owners of the 368 accounts.

However, the SEC says Commonwealth was in violation of rules requiring broker-dealers to adopt written policies and procedures "reasonably designed to protect customer information".

Commonwealth recommended that representatives install anti-virus software on computers used to access account information on the company's Intranet and trading platform, but did not require it.

"As a result, Commonwealth's customer information was left vulnerable to unauthorised access," says the SEC.

In addition, the firm failed to put in place procedures to adequately review its registered representatives' computer security measures. In particular, internal auditors did not audit branch office computers to determine whether anti-virus software was installed, or have procedures in place to follow up problems.

The SEC has censured Commonwealth and the company has been told to pay a civil penalty of $100,000 to the US Treasury.
