A Massachusetts stock broker will pay a $100,000 penalty to the Securities and Exchange Commission for failing to have security software or procedures when intruders stole account information of hundreds of customers and began making transactions with it.
Commonwealth Equity Services LLP of Waltham, Mass., agreed to pay the penalty for failing to have anti-malware software on its reps computers or written security policies to deal with security breaches. Securities brokers and registered investment advisors are required by SEC regulations to have written procedures to protect customer information.
In 2008, intruders stole the login information of a company employee and accessed the Commonwealth Equity network, ordering stock trades from eight accounts and stealing login information for 368 customers. Company staff noticed the unauthorized trades and stopped them, but the incident caused $8,000 in damage.