M Holdings to pay $325k fine to settle SEC charges for deficient cybersecurity procedures
The Securities and Exchange Commission (SEC) today announced that M Holdings Securities, Inc., a Portland, Oregon-based broker-dealer and investment adviser, has agreed to settle charges that between July 2019 and March 2024, it failed to maintain reasonably designed policies and procedures concerning cybersecurity, the protection of customer information, and identity theft prevention.
During this period, unauthorized third parties took over email accounts at several of M Holdings’ branch offices, exposing records and personally identifiable information of approximately 8,500 individuals, including a significant number of customers.
According to the SEC’s order, M Holdings provides brokerage and investment advisory services through a nationwide network of registered representatives and investment adviser representatives who operate out of 120 branch offices known as “member firms.”
As the order finds, M Holdings did not have any written policies and procedures to govern information security across its member firms before September 2020, when it adopted its first information security policy that required member firms to adopt their own information security policies and controls.
The order finds that this new policy was not reasonably designed because, as M Holdings was aware, a significant number of member firms, including those that experienced email account takeovers, continued to lack required information security policies and controls, such as multi-factor authentication, annual security awareness training, and written incident response policies, through March 2024.
The order also finds that M Holdings had a deficient Identity Theft Prevention Program because it did not develop or implement reasonable policies and procedures to ensure its program was updated periodically to reflect changes in risks related to identity theft from ongoing cybersecurity incidents and did not periodically determine whether the firm offered or maintained covered accounts.
The SEC’s order finds that M Holdings violated Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) and Rule 201 of Regulation S-ID (17 C.F.R. § 248.201). Without admitting or denying the SEC’s findings, M Holdings agreed to cease and desist from committing or causing any violations and any future violations of Rule 30(a) of Regulation S-P and Rule 201 of Regulation S-ID, be censured, and pay a civil penalty of $325,000.
