WASHINGTON—The U.S. Securities and Exchange Commission has charged three financial services companies for failing to uphold cybersecurity procedures, which resulted in the exposure of thousands of customers' personal information.
The SEC announced it has sanctioned the broker-dealer and investment advisory firms in three actions for cybersecurity failures after threat actors gained unauthorized access to personally identifiable information (PII) for customers and clients by hacking into cloud-based email accounts. The three companies, Cetera Financial Group, Cambridge Investment Research and KMS Financial Services Inc., have agreed to settle the charges without admitting to or denying the SEC's findings. Individual fines waver from $200,000 to $300,000.
The findings include violations against regulations designed to protect confidential customer information like the Safeguards Rule, as well as improper breach notification to clients. The Safeguards Rule requires every broker-dealer and investment adviser registered with the SEC to adopt written policies and procedures reasonably designed to safeguard customer records and information, Tech Target reported.