A Lincoln Financial Group subsidiary agreed to pay $650,000 to the Financial Industry Regulatory Authority (FINRA) to resolve allegations that it failed to implement sufficient security policies to protect confidential customer information after its web-based customer account database was hacked in 2012. The 2012 breach came on the heels of a $600,000 fine, imposed by FINRA in 2011, for lax security measures relating to its customer database.
CONDUCT
From 2002 to 2009, employees of Lincoln Financial Securities, Inc. (“LFS”) and affiliated firm Lincoln Financial Advisors Corporation (collectively, “the firms”) were able to access customer account details by means of shared user names and passwords. More than one million customer account records were accessed using the shared credentials during this time period. The firms did not track who had access to the login credentials, so they had no way of knowing how many or which employees accessed customer data. No policies were in place to change the shared credentials when an employee left the firm or was terminated. In February 2011, FINRA imposed a $450,000 fine on LFS to resolve these shortcomings; Lincoln Financial Advisors was fined $150,000.