In a statement the U.S. Securities and Exchange Commission (SEC) said, the units of three broker-dealer and investment advisory firms have agreed to pay hundreds of thousands of dollars in penalties to settle charges over cybersecurity failures.
The SEC had charged KMS Financial Services, along with five units of financial firm Cetera, and two units of Cambridge Investment Research for failures to adopt and implement cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.
Neither Cetera, Cambridge or KMS immediately responded to requests for comments.
None of the firms admitted to or denied the findings, said the SEC in a statement.
The Cetera agreed to pay $300,000; Cambridge agreed to pay $250,000 while KMS will pay $200,000, said the SEC.