SEC goes after investment adviser for poor cybersecurity
September 22, 2015
The Securities and Exchange Commission (SEC) settled charges Tuesday with an investment adviser that allegedly failed to properly protect its clients’ data in what might be a first-of-its-kind enforcement action.
Because of the security shortcomings, the SEC alleges, suspected Chinese hackers were able to crack the network of St. Louis-based R.T. Jones Capital Equities Management, accessing roughly 100,000 people’s information.
Officials accused the firm of having no written policies for safeguarding customer information. R.T. Jones, the SEC said, did not conduct regular security risk assessments, encrypt sensitive client data or install a firewall, a common security measure that controls incoming and outgoing network traffic.
Although the SEC could find no evidence that R.T. Jones’s clients were financially harmed because of the breach, the agency chose to take action anyway as part of its burgeoning efforts to pressure companies to tighten their cybersecurity.