Source: finra
Complete item: http://www.finra.org/Newsroom/NewsReleases/2009/P118550
Description:
The Financial Industry Regulatory Authority (FINRA) has announced today that it has fined Centaurus Financial, Inc. (CFI), of Orange County, CA, $175,000 for its failure to protect certain confidential customer information. (Editor's Note: Beats Jail Time for the CEO, yes?)
Centaurus was also ordered to provide notifications to affected customers and their brokers and to offer these customers one year of credit monitoring at no cost.
FINRA found that from April 2006 to July 2007, CFI failed to ensure that it safeguarded confidential customer information. Its improperly configured computer firewall - along with an ineffective username and password on its computer facsimile server - permitted unauthorized persons to access stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data.
The firm's failures also permitted an unknown individual to conduct a "phishing" scam. When CFI became aware of the phishing scam, the firm conducted an inadequate investigation and sent a misleading (a phishing?) notification letter to approximately 1,400 affected customers and their brokers.
E-Secure-IT
https://www.e-secure-it.com