A securities brokerage and insurance company in New York will pay a $ 3 million fine to the New York Department of Financial Services for exposing its clients' personal information in four cybercrimes, two of which never reported to the department, which
DFS said in a statement on Wednesday that its investigation of National Securities Corp. revealed evidence of the four cybercrimes between 2018 and 2020, which involved unauthorized access to the email accounts of its employees and independent contractors, who have access to a significant amount of sensitive personal data.
DFS stated that National Securities violated the department's cyber security rules by failing to implement multifactor authentication and by failing to implement equivalent or more secure access controls approved by the company's Chief Information Security Officer.
As part of the settlement, in addition to paying $ 3 million, National Securities, a unit of B. Riley Financial Inc., began further improvements to its cyber security program to comply with the department's cyber security rules.
The Regulation, which entered into force in March 201
National Securities said in a statement: “Maintaining the trust of our valued clients is still our top priority. The strength of our cyber security program is important to us, and we take the security of customer information very seriously. National announced earlier and addressed the concerns of the small number of potentially affected individuals.
The company also stated that it has engaged a third party to conduct a cybersecurity assessment and that it “continues to devote significant resources to further strengthen its cyber position. , including the adoption of additional training methods, more robust controls and governance policies.