SEC makes its first data-breach clampdown

Iowa-based brokerage Voya Financial got slapped by the feds with a $1 million penalty over a data breach that exposed the personal data of 5,600 clients.

The Wednesday settlement is believed to be the first Securities and Exchange Commission action that clamps down on a financial firm for not securing its customers’ data. It comes just over a year after Equifax exposed the private information of 143 million customers.

Using phone numbers that were already associated with fraudulent activity, hackers managed to impersonate Voya’s contractors over six days in 2016, getting new passwords for three accounts on Voya’s customer information portal, according to the SEC.

The hackers were then able to access the personally identifiable information of at least 5,600 customers — including their addresses, birthdays, last four digits of their Social Security numbers, and email addresses, according to the SEC.

“VFA failed in its obligations when its deficiencies made it vulnerable to cyber intruders accessing the confidential information of thousands of its customers,” Stephanie Avakian, the SEC’s co-director of enforcement, said in a statement.

Parent company Voya, based in Des Moines, is one of the top 25 brokerage firms in the US, according to Investment News. The company has about $480 billion in assets under management or advisement, according to its website.

For 2,000 of the customers, the hackers were able to view the full Social Security numbers and other government-issued ID numbers, according to the settlement.

Hackers were also able to edit and copy financial information through forms on the website, according to the settlement.

Voya outsourced its cybersecurity to other companies, didn’t train its own IT staff properly, and its policies weren’t “reasonably designed” to stop cyberattacks, the SEC said.

Even after the company found the hackers in their systems...
