BreachExchange mailing list archives

FINRA Fines Centaurus Financial $175,000 for Failure to Protect Confidential Customer Information


From: Steve Tornio <steve () vitriol net>
Date: Fri, 1 May 2009 16:50:58 -0500


http://www.finra.org/Newsroom/NewsReleases/2009/P118550

FINRA Fines Centaurus Financial $175,000 for Failure to Protect  
Confidential Customer Information
Firm Will Provide Free Credit Monitoring to Customers



Washington, D.C. — The Financial Industry Regulatory Authority (FINRA)  
has announced today that it has fined Centaurus Financial, Inc. (CFI),  
of Orange County, CA, $175,000 for its failure to protect certain  
confidential customer information. Centaurus was also ordered to  
provide notifications to affected customers and their brokers and to  
offer these customers one year of credit monitoring at no cost.



FINRA found that from April 2006 to July 2007, CFI failed to ensure  
that it safeguarded confidential customer information. Its improperly  
configured computer firewall - along with an ineffective username and  
password on its computer facsimile server - permitted unauthorized  
persons to access stored images of faxes that included confidential  
customer information, such as social security numbers, account  
numbers, dates of birth and other sensitive, personal and confidential  
data. The firm's failures also permitted an unknown individual to  
conduct a "phishing" scam. When CFI became aware of the phishing scam,  
the firm conducted an inadequate investigation and sent a misleading  
notification letter to approximately 1,400 affected customers and  
their brokers.



"It is critically important that firms protect confidential customer  
information and respond appropriately to unauthorized access to their  
system," said Susan L. Merrill, FINRA Executive Vice President and  
Chief of Enforcement. "When a firm becomes aware of an unauthorized  
access, it must conduct an effective review and provide customers with  
accurate information about that unauthorized access."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
