14 December 2017

Lincoln Financial fined for failing to safeguard customer data

18 February 2011  |  Source: Finra

The Financial Industry Regulatory Authority (FINRA) announced today that it has imposed fines of $450,000 against Lincoln Financial Securities, Inc. (LFS) and $150,000 against an affiliated firm, Lincoln Financial Advisors Corporation (LFA), for failure to adequately protect non-public customer information. In addition, LFS failed to require brokers working remotely to install security application software on their own personal computers used to conduct the firm's securities business.

Securities and Exchange Commission (SEC) and FINRA rules require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information. FINRA found that for extended periods of time - seven years for LFS and approximately two years for LFA - certain current and former employees were able to access customer account records through any Internet browser by using shared login credentials. From 2002 through 2009, between the two firms, more than 1 million customer account records were accessed through the use of shared user names and passwords. Since neither firm had policies or procedures to monitor the distribution of the shared user names and passwords, they were not able to track how many or which employees gained access to the site during this period of time. As a result of the weaknesses in access controls to the firms' system, confidential customer records including names, addresses, social security numbers, account numbers, account balances, birth dates, email addresses and transaction details were at risk.

The Web-based system both firms used combined non-public customer account information from various sources and allowed employees to view the customer account information within a single site. Home office personnel from both firms could access the system either by clicking on a link on the firm's website or by going directly to the system's website through any Internet browser and logging in with one of the shared user names and passwords.

FINRA also found that LFS and LFA did not have procedures to disable or change the shared user names and passwords on a recurring basis even after a home office employee had been terminated. Many individuals left the two firms during the relevant time period, yet the shared user names and passwords were never changed, and the firms had no way of determining whether former employees continued to access confidential customer information using those same user names and passwords.

In assessing sanctions, FINRA took into consideration the firms' efforts to notify all customers whose account information was or had been potentially exposed on the firms' Web-based system, and to offer those customers credit monitoring and restoration services for a period of one year.

In settling these matters, LFS, based in Concord, New Hampshire, and LFA, based in Fort Wayne, Indiana, neither admitted nor denied the charges, but consented to the entry of FINRA's findings.

This action was brought by Kevin Kulling, Enforcement Senior Regional Counsel, under the supervision of Mark Koerner, Enforcement Regional Chief Counsel.
