The Financial Industry Regulatory Authority (FINRA) says it is fining Centaurus Financial Inc. $175,000 because the firm failed to protect customers’ confidential information. The California-based firm must notify affected customers and their brokers of the breach and give those clients a year of free credit monitoring. As part of its settlement with FINRA, Centaurus has also consented to the entry of the self-regulatory organization’s (SRO’s) findings and will certify to the SRO that its systems and procedures comply with privacy requirements. Centaurus neither admits nor denies the FINRA charges.
FINRA says that from April 2006 to July 2007, Centaurus failed to ensure that the firewall, username, and password protecting its computer fax server provided adequate security. As a result, FINRA contends, unauthorized persons were able to gain access to fax images stored on the server that contained account numbers, Social Security data, and other sensitive, confidential client information.
In July 2007 an unauthorized party was even able to use Centaurus’s fax server to run a “phishing” scheme. The scam was intended to fool computer users into giving out their personal information, including credit card numbers, banking data, usernames, and passwords. Over a three-day period, after a file imitating a known Internet auction site was loaded onto the firm’s fax server, 894 unauthorized logins from 459 unique IP addresses occurred.
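The pattern described above, a single-purpose server that suddenly serves foreign content and accepts credential submissions from hundreds of distinct clients, is detectable from ordinary web access logs. The following script is an added example and is not code from the original article, from Centaurus, or from FINRA’s release. It assumes the fax server writes Apache-style common-format access logs, that its legitimate web console lives under a `/fax/` path, and the sample log lines are constructed for the example; none of these details come from the page.

```python
"""Flag phishing-style login traffic on a server that should not host logins.

Added example; not from the article or FINRA's release. The log format
(Apache "common" format), the legitimate /fax/ path prefix, and the sample
lines below are all assumptions constructed for illustration.
"""
import re
from collections import defaultdict

# Apache common log format: ip ident user [day:time zone] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Paths the fax server is expected to serve (assumption for the example).
EXPECTED_PREFIXES = ("/fax/",)

# Constructed sample: legitimate fax-console traffic, then POSTs to an
# auction-site lookalike page that the fax server never hosted.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jul/2007:10:01:02 -0700] "GET /fax/inbox HTTP/1.1" 200 5120
203.0.113.10 - - [09/Jul/2007:10:02:11 -0700] "POST /fax/send HTTP/1.1" 200 88
198.51.100.7 - - [09/Jul/2007:11:15:33 -0700] "GET /auction/signin.html HTTP/1.1" 200 2048
198.51.100.7 - - [09/Jul/2007:11:16:01 -0700] "POST /auction/signin.html HTTP/1.1" 302 0
198.51.100.23 - - [09/Jul/2007:11:40:19 -0700] "POST /auction/signin.html HTTP/1.1" 302 0
192.0.2.44 - - [10/Jul/2007:02:05:47 -0700] "POST /auction/signin.html HTTP/1.1" 302 0
198.51.100.7 - - [10/Jul/2007:02:06:03 -0700] "POST /auction/signin.html HTTP/1.1" 302 0
garbage line that does not parse
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def foreign_logins(lines):
    """Yield (day, ip, path) for every POST to content the server should not host.

    A POST to a path outside the expected application is treated as a
    credential submission to foreign content, i.e. a phishing "login".
    """
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].startswith(EXPECTED_PREFIXES):
            continue
        yield rec["day"], rec["ip"], rec["path"]


def per_day(records):
    """Map each day to (foreign login count, distinct client IPs that day)."""
    days = defaultdict(lambda: {"logins": 0, "ips": set()})
    for day, ip, _ in records:
        days[day]["logins"] += 1
        days[day]["ips"].add(ip)
    return {d: (v["logins"], len(v["ips"])) for d, v in days.items()}


def totals(records):
    """Return (total foreign logins, distinct IPs, sorted foreign paths) for the period."""
    records = list(records)
    return (
        len(records),
        len({ip for _, ip, _ in records}),
        sorted({path for _, _, path in records}),
    )


def main():
    records = list(foreign_logins(SAMPLE_LOG.splitlines()))
    n_logins, n_ips, paths = totals(records)
    print(f"{n_logins} foreign logins from {n_ips} unique IPs to {paths}")
    for day, (logins, ips) in sorted(per_day(records).items()):
        print(f"  {day}: {logins} logins, {ips} unique IPs")


if __name__ == "__main__":
    main()
```

Any non-zero count from `totals` is an alert on a host whose only job is fax handling; the per-day breakdown is what lets an analyst bound the exposure window, as FINRA did with the three-day figure. In practice the expected-path allowlist comes from the product’s documentation, and the same aggregation can be pointed at firewall or proxy logs when the server itself does not log.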
Such schemes are designed to persuade recipients to reveal personal account data. For example, a target might receive an e-mail containing a link to a Web site, or an attachment, that asks for confidential personal and financial data. The sender or the Web site involved may appear legitimate but is in fact fraudulent.
FINRA says that after the “phishing” incident Centaurus sent letters about it to some 1,400 clients and their brokers, but that the letters were misleading. Rather than disclose that the breach of confidentiality occurred because the firm’s protections were inadequate and that unauthorized logins had resulted, the SRO contends, Centaurus reported that only one person had gained unauthorized access to the client information on the server and that the data had not been openly accessible.
Related Web Resources:
FINRA Fines Centaurus Financial $175,000 for Failure to Protect Confidential Customer Information, FINRA, April 28, 2009
Recognize phishing scams and fraudulent e-mail, Microsoft, September 14, 2006