FEB 18, 2011 8:58am ET

1 Million Accounts Left Unprotected by Brokerage Firm

The Financial Industry Regulatory Authority has fined a Lincoln Financial brokerage firm and a Lincoln Financial advisory firm a total of $600,000 for failing to protect 1 million customer records from being accessed improperly through Internet browsers.

The independent regulator of brokers said it fined Lincoln Financial Securities of Concord, N.H., $450,000 and Lincoln Financial Advisors of Fort Wayne, Ind., $150,000 for failure to protect customer information from public access.

In addition, FINRA said LFS failed to require brokers working remotely to install security software on their personal computers when conducting business.

FINRA found that LFS failed for seven years, and LFA for two, to keep current and former employees from sharing log-in credentials that permitted them to access customer records from anywhere, using an Internet browser.

LFS and LFA neither admitted nor denied the charges, but consented to the entry of FINRA's findings.

From 2002 through 2009, more than 1 million customer account records belonging to the two firms were accessed through sharing of user names and passwords, FINRA said.

Since neither firm had policies or procedures to monitor the distribution of the shared user names and passwords, they were not able to track how many or which employees gained access to the site during this period of time, FINRA said in a statement.

As a result, names, addresses, social security numbers, account numbers, account balances, birth dates, email addresses and transaction details were at risk.

The Web-based system both firms used combined nonpublic customer account information from various sources and allowed employees to view the customer account information within a single site.

Home office personnel from both firms could access the system either by clicking on a link on the firm's website or by going directly to the system's website through any Internet browser and logging in with one of the shared user names and passwords.

FINRA also found that LFS and LFA did not have procedures to disable or change the shared user names and passwords on a recurring basis even after a home office employee had been terminated.

Many staff members left the two firms during this period, yet the shared user names and passwords were never changed. The firms also had no way of determining whether former employees continued to access confidential customer information using those same user names and passwords, FINRA said.

Securities and Exchange Commission (SEC) and FINRA rules require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information.

Tom Steinert-Threlkeld is the editor-in-chief of Securities Technology Monitor.
