Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

SEC Sanctions Several Companies Over Email Account Hacking

The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information.

The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information.

A total of eight entities belonging to three companies have been sanctioned by the SEC, including Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

According to the SEC, Cetera exposed the personal information of at least 4,388 customers and clients between November 2017 and June 2020. In this timeframe, unauthorized third parties managed to hack into more than 60 cloud-based email accounts belonging to Cetera staff. The SEC was also unhappy with the fact that the breach notifications sent out by some of the Cetera companies were misleading in regards to when the breach was disclosed.

As for Cambridge Investment Research, the firms had more than 121 email accounts hijacked between January 2018 and July 2021, resulting in the exposure of information belonging to at least 2,177 customers and clients. While the first breach was discovered in January 2018, the SEC said Cambridge had failed to take action to improve protection for email accounts until 2021.

In the case of KMS, 15 financial advisers or their assistants had their email accounts hacked between September 2018 and December 2019, resulting in the exposure of information belonging to nearly 5,000 clients and customers. The SEC also determined that the company failed to implement additional security measures until August 2020.

The agency said each of the companies violated rules regarding the protection of confidential customer information, and Cetera also violated a rule related to breach notifications.

“Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty,” the SEC said.

Cetera will pay $300,000, Cambridge will pay $250,000, and KMS will pay a $200,000 penalty.

Advertisement. Scroll to continue reading.

Related: US Expels Russian Diplomats, Imposes Sanctions for Hacking

Related: U.S. Treasury Sanctions Russian Institute Linked to Triton Malware

Related: European Union Extends Framework for Cyberattack Sanctions

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.