SEC orders Equiniti to pay $850K over alleged lax cybersecurity
By 
Adrianne Appel2024-08-21T21:03:00
Equiniti Trust Company has agreed to pay $850,000 to the Securities and Exchange Commission (SEC) to settle allegations that its failed security measures allowed millions in client funds to be stolen in two cyber incidents.
Equiniti, formerly known as American Stock Transfer & Trust Company, experienced two cyber intrusions, in 2022 and 2023, respectively, which led to the loss of more than $6.6 million in client funds, the SEC said a press release Tuesday. American Stock reimbursed clients who experienced losses, the agency noted.
However, it was American Stock’s poor security measures that allowed the intruders to be successful at stealing client assets, the SEC said in its order.
Related articles
-
News BriefGovernment contractor fined $307K after third-party hack compromised personal data
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
-
PremiumExpert: Clorox ‘trying to do the right thing’ with rapid cyberattack disclosures
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
-
Blog
Some key cyber-security tips for financial firms
As the SEC and FINRA are taking cyber-security much more seriously, John Reed Stark outlines a few ways in which financial firms can also do more to protect their data.
More from Regulatory Enforcement
-
ArticleLarge wound care practice pays $45M, agrees to monitoring
One of the largest wound care practices in the nation and its founder have agreed to pay $45 million and be subjected to third-party monitoring, to settle allegations that the business intentionally overbilled Medicare by priming its electronic medical records system to do so.
-
News BriefSEC dismisses SolarWinds case tied to 2020 cyberattack
The dismissal of charges against SolarWinds for alleged cybersecurity lapses related to a 2020 Russian cyberattack in 2020 are the latest in a continuing pattern of leniency for corporations by the Trump administration.
-
PremiumPart Two: FCPA cases closed by DOJ, SEC since January
Since the start of the Trump Administration, the Department of Justice has been winding down a number of Foreign Corrupt Practices Act investigations with little public attention. This second article further explores how and why these FCPA matters have been closed.