Melissa Pascualini of JacksonLewis writes:
… In a recent settlement agreement with the SEC, a New York-based registered transfer agent, Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC, agreed to pay $850K to settle charges that it failed to assure client securities and funds were protected against theft or misuse.
Equiniti suffered not one, but two separate cyber intrusions in 2022 and 2023, respectively, resulting in a total loss of $6.6 million in client funds.
[…]
In its August 2024 Order, the SEC stated that in both of the above-mentioned instances, American Stock Transfer “did not assure that it held securities in its custody and possession in safekeeping and handled them in a manner reasonably free from risk of theft, and did not assure that it protected funds in its custody and possession against misuse.” The SEC found that the Company’s previous efforts in providing reasonable safeguards by (1) notifying their employees about a rapid increase in fraud attempts industry wide; (2) requiring employees involved in processing client payments to always perform a call-back to the client number on file to verify requests; and (3) warning employees to pay particular attention to email domains and addresses and ensure they match the intended sender were insufficient as although these steps identified mitigation measures, the company fell short of taking additional steps to actually implement the safeguards and procedures outlined for their employees.
Read more at Workplace Privacy, Data Management & Security Report.