On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt “written policies and procedures reasonably designed to protect customer records and information” in connection with a July 2013 data breach in violation of the SEC’s safeguards rule, Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)). The company consented to the entry of an Order Instituting Administrative and Cease-and-Desist Proceedings Pursuant to Sections 203(e) and 203(k) of the Investment Advisers Act of 1940, Making Findings, and Imposing Remedial Sanctions and a Cease-and-Desist Order. Pursuant to the settlement, R.T. Jones was censured and ordered to pay a civil money penalty of $75,000.
According to the SEC order, for almost four years, R.T. Jones maintained personally identifiable information (“PII”) of the company’s clients and others on a web server “without adopting written policies and procedures regarding the security and confidentiality of that information and the protection of that information from anticipated threats or unauthorized access.” The server was attacked in July 2013 by an unauthorized user “who gained access rights and copy rights to the data on the server.” Due to the intrusion, the PII “of more than 100,000 individuals, including thousands of R.T. Jones’s clients, was rendered vulnerable to theft.” For the full article click here
from cyber security caucus http://ift.tt/1OoO5Ha
via IFTTT
No comments:
Post a Comment