Last July – and I missed this one at the time – Stan Diel reported;
A laptop computer including some Sterne Agee Group Inc. clients’ account numbers, Social Security numbers and other personal information has been missing since the end of May and the firm has offered some customers free identity theft protection services as a result, a letter to clients indicates.
In the letter dated June 27 the Birmingham-based investment banking firm indicates that an employee’s laptop went missing on May 29 or May 30, and that it included unencrypted identifying information about Private Client Group customers whose accounts were open as of May 29. It also may have included information about Sterne Agee & Leach clients whose accounts were open between July 1, 1992 and June 30, 2013, the letter states.
It turns out the breach was an even bigger deal than the media knew at the time. Today, Law360 reports:
The Financial Industry Regulatory Authority accepted a settlement Friday requiring Sterne Agee & Leach Inc. to pay a fine and review its security protocols after a technician left in a restroom an unencrypted laptop containing sensitive information about 352,551 clients.
Sterne Agee will pay a $225,000 fine over the allegations.The regulatory agency said the firm had been aware of the need to protect information stored on laptops for years but that measures to do so were delayed twice pending budgetary approval.
So failure to invest in encrypting laptops cost them $225,000 plus the costs of the data breach itself? Ouch.