WASHINGTON D.C. (CN) – In a turnabout where a trader was charged for a hacker’s success, LPL Financial agreed Thursday to pay $275,000 in a settlement with the Securities and Exchange Commission after hackers gained access to financial information of 10,000 clients. “This case is different from other cases because here the brokerage firm is being charged. Before, charges were pressed against the account intruders” says Diana Tani, the SEC’s Assistant Regional Director of enforcement.
LPL, represented by Steve Topetzes from K&L, is a broker-dealer, an investment advisor, and a transfer agent. It conducts an average of 775,000 trades each month. Like all SEC-registered investment advisers, LPL is required to reasonable safeguard customer information, said assistant director Tani in an interview.
In 2006, the company performed an internal audit, where it found it had inadequate security controls. Still, when the hacking began in July of 2007, the security controls had not been improved.
In addition to the information of customers being exposed, hackers attempted to trade $700,000 in 68 customer accounts. Tani explained that most of the unauthorized trades where detected and terminated. Of the illegal transactions, $98,900 was successfully traded and LPL compensated the affected customers.
Apart from the financial penalty, LPL must hire an independent consultant to ensure it abides by the Safeguards Rule, and adopt a policy to educate its employees and all registered representatives about protecting customer information.
LPL settled without denying or admitting to the charges. Michele Layne and Diana Tani are representing the SEC