A broker-dealer and investment adviser agreed to pay $1 million to settle SEC charges of failing to (i) protect customer information and (ii) develop and implement a written identity theft prevention program.

Voya Financial Advisors Inc. ("VFA") was charged with "violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft." According to the SEC Order, one or more persons impersonated independent contractor representatives and were given access to VFA's brokerage customer and advisory client information. The intruder(s) used the VFA contractor representatives' usernames and passwords to log in to the portal and gain access to personally identifiable information for thousands of VFA customers.

In resolving the matter, the SEC took into account the remedial efforts undertaken by VFA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.