DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CFTC Fines Interbank for Security Breach

Posted on June 30, 2009 by Dissent

The U.S. Commodity Futures Trading Commission today simultaneously filed and settled charges against Interbank FX, LLC (Interbank), ordering Interbank to pay a $200,000 civil monetary penalty for violating rules designed to protect the confidential personal information of consumers. The CFTC order also requires Interbank to establish a comprehensive security program that provides administrative, technical, and physical safeguards for the protection of consumer records and information.

According to the order, in March 2008, an Interbank customer discovered that personal information about herself, such as her name, address, phone number, date of birth, social security number, driver’s license number, and bank account numbers was accessible on the Internet through a Google search. Interbank began an immediate investigation and learned that one of its Information Technology employees had placed files containing the confidential personal consumer information of approximately 13,000 customers and prospective customers on a personal website that was accessible on the Internet for at least a year. This security breach was possible because Interbank did not have policies or procedures directed to the protection of confidential consumer information at the time its employee uploaded the information to the Internet.

Despite a lack of effective procedures, Interbank continuously issued a Privacy Notice to its customers as early as December 2004 that stated erroneously that Interbank maintained safeguards that complied with federal standards to guard customer information. Interbank’s lack of effective procedures and issuance of the erroneous Privacy Notice violated several provisions of the CFTC’s regulations concerning the privacy of consumer financial information.

The order recognizes that Interbank engaged in substantial remedial efforts after discovering the security breach and fully cooperated with the CFTC’s investigation of the matter. The sanctions imposed on Interbank take into account those remedial efforts and cooperation, without which the CFTC would likely have imposed a more severe sanction.

Specifically, in addition to the $200,000 monetary penalty, the order requires Interbank to establish, implement, and maintain a documented comprehensive security program that addresses administrative, technical, and physical safeguards for the protection of consumer information. It further requires Interbank to obtain an assessment of that program from a certified security professional within 180 days of the entry of the order and annually for the next five years.

“This order recognizes that the CFTC takes very seriously the obligations of our registrants to protect the confidential personal information of their customers from public exposure. The undertakings imposed in this order are a model for the industry on how to maintain a comprehensive security program that safeguards private consumer information,” commented CFTC Acting Director of Enforcement Stephen Obie.

The CFTC thanks the National Futures Association for its cooperation in this matter.

The following Division of Enforcement staff was responsible for this matter: Elizabeth M. Streit, Joy McCormack, Rosemary Hollinger, and Richard Wagner.

Source: CFTC Press Release

Prior coverage: Interbank FX security breach leaves some customers files unsecured — for 9 months

Category: Breach IncidentsExposureFinancial SectorOf Note

Post navigation

← Blood Samples Raise Questions of Privacy
Prescription Database Breach Could Cost Contractor →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.