In September 2015, the SEC filed a settled enforcement action against R.T. Jones Capital Equities Management for the firm’s alleged failure to “establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.” The SEC stated at the time that the R.T Jones matter was its first against a regulated entity for a cybersecurity-related violation.
