Eight firms had email account takeovers, exposing personal information of thousands of customers and clients; a penalty of $300,000 was issued for failing to implement cybersecurity policies and procedures to protect custom records and review communications to advisory clients, a penalty of $250,000 was imposed for failing to implement firm-wide enhanced security measures for cloud-based email accounts, and a penalty of $200,000 was issued for failing to adopt written policies and procedures for additional firm-wide security measures for all their email users and incident response.
#FEDERAL #SEC #privacy #data-privacy #value-privacy