SEC Fines Investment Firm $1 Million After Data Breach

In its first enforcement charging a violation of the Identity Theft Red Flags Rule, the SEC has fined a Des Moines-based broker-dealer and investment adviser $1 Million. According to the SEC, hackers were able to impersonate the company’s own contractors by calling its support line and resetting passwords. From there the hackers were able to access personal information of 5,600 company customers, although it is thought to have accessed account documents for just three of them. The breach, according to the SEC, succeeded in part by exploiting security weaknesses that had been exposed during previous fraudulent activity but not corrected. The $1 million fine was part of a settlement in which the company, without admitting the SEC’s findings, also agreed to be censured and retain an independent consultant to evaluate its compliance procedures.