Units of three broker-dealer and investment advisory firms agreed to pay hundreds of thousands of dollars in penalties to settle charges from the U.S. Securities and Exchange Commission (SEC) over cybersecurity failures, the regulator said on Monday.
The SEC charged KMS Financial Services, five units of financial firm Cetera, and two units of Cambridge Investment Research for failures to adopt and implement cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.
Cetera, Cambridge and KMS did not respond immediately to requests for comment. None of the firms admitted to or denied the findings, the SEC said in a statement.
The Cetera entities agreed to pay $300,000, Cambridge agreed to pay $250,000 and KMS will pay $200,000, the SEC said.