August 31, 2021
SEC Charges Firms for Cybersecurity Deficiencies
SEC charges three firms for cyber deficiencies when phishing attacks and credential stuffing resulted in the firms’ cloud-based email accounts being compromised and client PII exposed. Enforcement penalties ranged from $200k to $300k per firm, revealing that the SEC means business when it comes to enforcing expectations for cyber controls.