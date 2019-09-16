

Chicago Broker Fined $1.5m for Inadequate Cybersecurity

A US futures and securities clearing broker has been slapped with a $1.5m fine for failing to implement and enforce adequate cybersecurity measures. 

An investigation into Phillip Capital Incorporated (PCI) by the US Commodity Futures Trading Commission (CFTC) revealed a culture in which employees were not monitored to ensure that the cybersecurity of the business was protected and maintained.

Inadequate cybersecurity measures put in place within the Chicago-based company were found to be partially responsible for a data breach and the theft by cyber-criminals of $1m in PCI customer funds. 

The theft occurred when one of the company's IT engineers fell victim to a phishing email. The CFTC criticized PCI for taking too long to report the crime to customers after it happened in early 2018.  

On September 12, 2019, the CFTC issued an order that filed and simultaneously settled charges against PCI "for allowing cyber criminals to breach PCI email systems, access customer information, and successfully withdraw $1 million in PCI customer funds," and also for failing to disclose the breach to its customers "in a timely manner."

In a statement published on its website, the CFTC said that "the order finds that PCI failed to supervise its employees with respect to cybersecurity policy and procedures, a written information systems security program, and customer disbursements."

PCI was issued a civil monetary penalty of $500,000 and ordered to pay $1m in restitution. The broker was credited with the $1m restitution "based on its prompt reimbursement of the customer funds when the fraud was discovered."

The commission's investigation into PCI may be over, but the CFTC plans to keep an eye on the registered futures commission merchant's cybersecurity practices. The order filed by the CFTC requires PCI to provide reports to the commission on its remediation efforts. 

"Cybercrime is a real and growing threat in our markets," said CFTC director of enforcement James McDonald. "While it may not be possible to eliminate all cyber threats, CFTC registrants must have adequate procedures in place—and follow those procedures—to protect their customers and their accounts from potential harm."
