A Lincoln Financial Group subsidiary has agreed to accept a $650,000 fine levied against it by the Financial Industry Regulatory Authority (FINRA) in connection with a 2012 hacking that compromised the personal information of approximately 5,400 customers, and to implement more robust security controls.
According to FINRA, despite paying a $450,000 fine to FINRA in 2011 over its “lax” security measures in its electronic portfolio management system, Lincoln Financial Securities Corp. failed to implement security measures, including written supervisory procedures that would protect its customers’ information, and some of its files were stolen in 2012.
Not only did FINRA criticize Lincoln’s security measures before and after the incident, it further criticized Lincoln’s review of third-party vendors’ security measures to protect Lincoln’s customer information, including its cloud-based vendor. In addition, Lincoln failed to adequately implement, test or verify the security of its cloud vendors. All of these failures, according to FINRA, are violations of FINRA regulations.
This case provides important and clear guidance to FINRA-regulated entities.