SEC’s Inspector General Report Exposes Cyber and Data Security Vulnerabilities
Elevates security concerns ASA’s raised regarding collection of retail investor data by the Consolidated Audit Trail (CAT) database.
DALLAS – The American Securities Association (ASA) today sent a letter to the Securities and Exchange Commission (SEC) raising concerns following a semi-annual report from the Commission’s Inspector General (IG) detailing alarming examples of SEC employees and contractors violating cybersecurity safeguards and misusing data.
“The SEC’s IG Report shines the light on a troubling pattern of data security breaches that should concern every investor,” said ASA CEO Chris Iacovella. “This concern is heightened as the SEC continues to move forward with the collection of retail investor personally identifiable information by the CAT, a Washington database that houses the most sensitive personal and trading information of every American investor.”
“We understand how hard it is for any organization, no matter how sophisticated, to completely protect information from cyber criminals or other leaks. However, the reality is that choosing to put the sensitive personal information of every retail investor in America in one location creates such a tempting target for cyber criminals that a breach is almost inevitable,” Iacovella wrote in the letter. “The SEC must end this risk to investors and our markets by prohibiting the collection of any retail investor PII by the CAT.”
The report details alarming examples of SEC employees and contractors (1) violating SEC rules regarding confidentiality of PII and (2) making unauthorized disclosures of nonpublic information. These include:
1. A former senior SEC employee who, prior to leaving the SEC, downloaded nonpublic information regarding an investigation to gain favor with future employers. The employee was ultimately charged and sentenced to imprisonment of time served;
2. An SEC employee sending sensitive employee PII and human-resource related records to their personal email account. SEC management ultimately recommended dismissal of the employee after an IG investigation;
3. A former SEC employee taking nonpublic SEC email and documents without authorization prior to departing the SEC. The former employee ultimate plead guilty and was sentenced to 1-year of supervised probation;
4. A former contract employee sending nonpublic information regarding SEC systems, contracts, and procurements, to their personal email account; and
5. A former contractor who inappropriately – and in violation of SEC policy – recorded a meeting with the Office of Market Intelligence on their personal phone where nonpublic market information was discussed.
To read ASA’s full letter to the SEC, click here.
ASA’s regional financial services companies work in communities across the country to create jobs, grow the economy, and increase prosperity for all Americans. The ASA exclusively represents the capital market and private client interests of its members and seeks to promote free market principles making it easier to access financial advice and capital. ASA members help Americans save for retirement, provide Main Street businesses with capital to grow, and advise hardworking Americans how to create and preserve wealth. For the latest updates follow @AmerSecurities and learn more at http://americansecurities.org/.