{"id":65928,"date":"2018-09-26T00:40:52","date_gmt":"2018-09-26T04:40:52","guid":{"rendered":"http:\/\/www.hedgeco.net\/news\/?p=65928"},"modified":"2018-09-28T01:21:45","modified_gmt":"2018-09-28T05:21:45","slug":"broker-dealer-to-pay-1-million-to-settle-charges-related-to-deficient-cybersecurity-procedures","status":"publish","type":"post","link":"https:\/\/hedgeco.net\/news\/09\/2018\/broker-dealer-to-pay-1-million-to-settle-charges-related-to-deficient-cybersecurity-procedures.html","title":{"rendered":"Broker-Dealer To Pay $1 Million To Settle Charges Related to Deficient Cybersecurity Procedures"},"content":{"rendered":"<p>(HedgeCo.Net) A Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers.<\/p>\n<p>Voya Financial Advisors Inc. (VFA) has been charged with violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft.  This is the first SEC enforcement action charging violations of the Identity Theft Red Flags Rule.<\/p>\n<p>According to the SEC\u2019s order, cyber intruders impersonated VFA contractors over a six-day period in 2016 by calling VFA\u2019s support line and requesting that the contractors\u2019 passwords be reset. The intruders used the new passwords to gain access to the personal information of 5,600 VFA customers.  The SEC\u2019s order finds that the intruders then used the customer information to create new online customer profiles and obtain unauthorized access to account documents for three customers.  The order also finds that VFA\u2019s failure to terminate the intruders\u2019 access stemmed from weaknesses in its cybersecurity procedures, some of which had been exposed during prior similar fraudulent activity.  According to the order, VFA also failed to apply its procedures to the systems used by its independent contractors, who make up the largest part of VFA\u2019s workforce.<\/p>\n<p>\u201cCustomers entrust both their money and their personal information to their brokers and investment advisers,\u201d said Stephanie Avakian, Co-Director of the SEC Enforcement Division.  \u201cVFA failed in its obligations when its deficiencies made it vulnerable to cyber intruders accessing the confidential information of thousands of its customers.\u201d<\/p>\n<p>\u201cThis case is a reminder to brokers and investment advisers that cybersecurity procedures must be reasonably designed to fit their specific business models,\u201d said Robert A. Cohen, Chief of the SEC Enforcement Division\u2019s Cyber Unit.  \u201cThey also must review and update the procedures regularly to respond to changes in the risks they face.\u201d Without admitting or denying the SEC\u2019s findings, VFA agreed to be censured and pay a $1 million penalty, and will retain an independent consultant to evaluate its policies and procedures for compliance with the Safeguards Rule and Identity Theft Red Flags Rule and related regulations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(HedgeCo.Net) A Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers. Voya Financial [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,3,16048],"tags":[],"class_list":["post-65928","post","type-post","status-publish","format-standard","hentry","category-hedgeco-networks-press-releases","category-hedgeco-news","category-hedgecovest-news"],"_links":{"self":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/65928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/comments?post=65928"}],"version-history":[{"count":1,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/65928\/revisions"}],"predecessor-version":[{"id":65929,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/65928\/revisions\/65929"}],"wp:attachment":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/media?parent=65928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/categories?post=65928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/tags?post=65928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}