The Securities and Exchange Commission today sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. The eight firms, which have agreed to settle the charges, are: Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera Entities); Cambridge Investment Research Inc. and Cambridge Investment Research Advisors Inc. (collectively, Cambridge); and KMS Financial Services Inc. (KMS). All were Commission-registered as broker dealers, investment advisory firms, or both.
Source: SEC.gov | SEC Announces Three Actions Charging Deficient Cybersecurity Procedures