Securities Law Prof Blog

FINRA announced today that it has fined Centaurus Financial, Inc. (CFI), of Orange County, CA, $175,000 for its failure to protect certain confidential customer information. Centaurus was also ordered to provide notifications to affected customers and their brokers and to offer these customers one year of credit monitoring at no cost.  FINRA found that from April 2006 to July 2007, CFI failed to ensure that it safeguarded confidential customer information. Its improperly configured computer firewall - along with an ineffective username and password on its computer facsimile server - permitted unauthorized persons to access stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data. The firm's failures also permitted an unknown individual to conduct a "phishing" scam. When CFI became aware of the phishing scam, the firm conducted an inadequate investigation and sent a misleading notification letter to approximately 1,400 affected customers and their brokers.  CFI's conduct violated federal Regulation S-P and FINRA rules.

Under the terms of the settlement, Centaurus has agreed to provide corrected notifications of the unauthorized accesses to all previously notified customers and brokers and to offer these customers one year of free credit monitoring. In addition, CFI will certify to FINRA that its procedures and systems are in compliance with privacy requirements.  In settling this matter, the firm neither admitted nor denied the charges, but consented to the entry of FINRA's findings

https://lawprofessors.typepad.com/securities/2009/04/finra-fines-member-for-failure-to-protect-customer-information.html