Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

SEC charges Voya Financial Advisors with deficient cyber-security procedures

Jaclyn Jaeger | September 26, 2018

In the Securities and Exchange Commission's first enforcement action for violations of the Identity Theft Red Flags Rule, Voya Financial Advisors has agreed to pay $1 million to settle charges for having deficient cyber-security policies and procedures concerning a cyber intrusion that compromised the personal information of thousands of customers.

The SEC on Sept. 26 charged the broker-dealer and investment adviser with violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft. According to the SEC’s order, cyber intruders impersonated VFA contractors over a six-day period in 2016 by calling VFA’s support line and requesting that the contractors’ passwords be reset. The intruders used the new passwords to gain access to the personal information of 5,600 VFA customers.

The SEC’s order finds that the intruders then used the customer...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.