Chicago Broker Fined $1.5m for Inadequate Cybersecurity

A US futures and securities clearing broker has been slapped with a $1.5m fine for failing to implement and enforce adequate cybersecurity measures. 

An investigation into Phillip Capital Incorporated (PCI) by the US Commodity Futures Trading Commission (CFTC) revealed a culture in which employees were not monitored to ensure that the cybersecurity of the business was protected and maintained.

Inadequate cybersecurity measures put in place within the Chicago-based company were found to be partially responsible for a data breach and the theft by cyber-criminals of $1m in PCI customer funds. 

The theft occurred when one of the company's IT engineers fell victim to a phishing email. The CFTC criticized PCI for taking too long to report the crime to customers after it happened in early 2018.  

On September 12, 2019, the CFTC issued an order that filed and simultaneously settled charges against PCI "for allowing cyber criminals to breach PCI email systems, access customer information, and successfully withdraw $1 million in PCI customer funds," and also for failing to disclose the breach to its customers "in a timely manner."

In a statement published on its website, the CFTC said that "the order finds that PCI failed to supervise its employees with respect to cybersecurity policy and procedures, a written information systems security program, and customer disbursements."

PCI was issued a civil monetary penalty of $500,000 and ordered to pay $1m in restitution. The broker was credited with the $1m restitution "based on its prompt reimbursement of the customer funds when the fraud was discovered."

Support the originator by clicking the read the rest link below.