For over a year, the Securities and Exchange Commission (FTC) has been actively enforcing the “Safeguards Rule” requiring investment advisers to implement policies and procedures to protect the privacy and security of the information of their clients. In 2015, R. T. Jones Capital Equities Management paid $75,000 to settle SEC charges related to the theft of customer information in a data breach. Now Morgan Stanley Smith Barney has just agreed to pay a million dollars to settle charges that it did not have proper policies and procedures in place to protect customer information resulting in the hacking of 730,000 customer accounts and theft of information including names, phone numbers, addresses, account numbers, account balances and securities holdings.
Regardless of how careful you are about protecting your personal information, you are only as safe and secure as the places that have your personal information with the weakest security. Therefore it is critical whenever you do business with a company that will have sensitive personal information of yours that you inquire as the commitment to security of the company and what it does to protect your data. In this particular data breach while the information itself should not directly result in identity theft, this type of information is often gathered by cybercriminals who use it to craft carefully worded and targeted spear phishing emails that lure their victims into either trusting the email and providing personal information used by the cybercriminals for purposes of identity theft or luring the victims into clicking on malware infested links in the emails that will enable the cybercriminal to steal all of the information from your computer and use it to make you a victim of identity theft.