Data leakage? Fine of 375,000 USD.
The Financial Industry Regulatory Authority (FINRA) has fined brokerage firm Davidson & Co. for a data leak in 2007 that exposed the personal data of nearly 200,000 of its clients.
The attack focused on the firm's data server, which was also the Web server of Davidson & Co. All the data, such as account numbers, addresses, names and social insurance numbers, was stored on the server in unprotected form and was easily readable.
The firm learned of the leak in January 2008, when one of the attackers tried to blackmail it in exchange for not making the attack public.
FINRA stated that Davidson & Co. was fined for failing to implement well-known and recommended security measures for protecting customer data, namely data encryption. It was also revealed that the company's technicians had left the manufacturer's default password in place on the server.
According to FINRA, companies can be fined even more in similar cases. Davidson & Co. acted fast and cooperated with the authorities and investigators right after learning about the incident, which was taken into account.
(source www.finra.org)








