BreachExchange mailing list archives
FINRA Fines Centaurus Financial $175, 000 for Failure to Protect Confidential Customer Information
From: Steve Tornio <steve () vitriol net>
Date: Fri, 1 May 2009 16:50:58 -0500
http://www.finra.org/Newsroom/NewsReleases/2009/P118550 FINRA Fines Centaurus Financial $175,000 for Failure to Protect Confidential Customer Information Firm Will Provide Free Credit Monitoring to Customers Washington, D.C. — The Financial Industry Regulatory Authority (FINRA) has announced today that it has fined Centaurus Financial, Inc. (CFI), of Orange County, CA, $175,000 for its failure to protect certain confidential customer information. Centaurus was also ordered to provide notifications to affected customers and their brokers and to offer these customers one year of credit monitoring at no cost. FINRA found that from April 2006 to July 2007, CFI failed to ensure that it safeguarded confidential customer information. Its improperly configured computer firewall - along with an ineffective username and password on its computer facsimile server - permitted unauthorized persons to access stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data. The firm's failures also permitted an unknown individual to conduct a "phishing" scam. When CFI became aware of the phishing scam, the firm conducted an inadequate investigation and sent a misleading notification letter to approximately 1,400 affected customers and their brokers. "It is critically important that firms protect confidential customer information and respond appropriately to unauthorized access to their system," said Susan L. Merrill, FINRA Executive Vice President and Chief of Enforcement. "When a firm becomes aware of an unauthorized access, it must conduct an effective review and provide customers with accurate information about that unauthorized access." _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- FINRA Fines Centaurus Financial $175, 000 for Failure to Protect Confidential Customer Information Steve Tornio (May 01)