Hacked Investment Advisor Fined $75,000 for Lack of Cyber-Security Measures

October 7, 2015 Advisory

Many in the investment advisory community are following the story of R.T. Jones Capital Equities Management, an investment advisor that, according to the Securities and Exchange Commission (SEC), suffered a hack exposing the personally identifiable information of "approximately 100,000 individuals, including thousands of the firm’s clients."*

The SEC recently announced a resolution with R.T. Jones that included: 

  • Advisor’s agreement to be censured by the SEC; 
  • Payment of a $75,000 penalty; 
  • Advisor’s agreement to cease and desist from violations of Rule 30(a) of Regulation S-P. 

In addition, R.T. Jones agreed to additional remedial measures, including appointing an information security manager, implementing a written information security policy, and taking steps to increase technical security. 

While 100% guaranteed information security is not possible, the SEC did not bring the action against R.T. Jones for failure to meet that 100% standard. Rather, the SEC cited R.T. Jones for allegedly failing to have in place more basic security measures. Among the matters the SEC pointed to were: 

  • The firm failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information." 
  • R.T. Jones "failed to conduct periodic risk assessments…or maintain a response plan for cybersecurity incidents." 

Armstrong Teasdale’s Privacy & Data Security Group offers services to clients, including investment advisors: 

  • Providing the written policies and procedures discussed by the SEC; 
  • Performing client information risk assessments using the Octave Allegro risk assessment methodology, which includes conducting an assessment of the Client’s financial, reputational, operational, regulatory and other risk thresholds, and a scenario-based analysis of the type and relative importance of various risk scenarios; 
  • Building tailored incident response plans which take into account the risk assessment findings; 
  • Working with the client’s management and IT group to understand the technical implications of various cybersecurity issues and decisions; 
  • Providing 24/7 incident response counseling. 

AT’s Privacy & Data Security Group understands that a robust cybersecurity effort requires understanding both the technical and the legal/regulatory challenges. That’s why AT’s legal team includes three lawyers who are also Certified Information Privacy Professionals (CIPP), and two lawyers who are also Certified Ethical Hackers (C|EH). 

*SEC Press Release, found at http://www.sec.gov/news/pressrelease/2015-202.html.

Contact Us
  • Worldwide
  • Boston, MA
  • Denver, CO
  • Dublin, Ireland
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • London, England
  • Miami, FL
  • New York, NY
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
abstract image of world map
Boston, MA
800 Boylston St.
30th Floor
Boston, MA 02199
Google Maps
Boston, Massachusetts
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Dublin, Ireland
Fitzwilliam Hall, Fitzwilliam Place
Dublin 2, Ireland
Google Maps
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
1980 Festival Plaza Drive, Suite 750
One Summerlin
Las Vegas, NV 89135
Google Maps
Las Vegas, Nevada
London, England
Royal College of Surgeons of England
38-43 Lincoln’s Inn Fields
London, WC2A 3PE
Google Maps
Miami, FL
355 Alhambra Circle
Suite 1250
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
222 South Main St.
Suite 1830
Salt Lake City, UT 84101
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1050 Connecticut Avenue NW
Suite 500
Washington, DC 20036
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware