The Financial Industry Regulatory Authority (FINRA) announced this week that it has fined Centaurus Financial, Inc. $175,000 for failing to protect confidential customer information. Specifically, between August 2006 and July 2007 Centaurus failed to employ adequate safeguards against infiltration of its fax server containing the information at issue. Examples of the inadequate protection measures include the use of a “weak” username, “Administrator,” and the password “password.” The company’s safety failures resulted in unknown persons conducting a “phishing” scam hosted by Centaurus’s fax server. Additionally, Centaurus’s notification to customers regarding the breach in security was found to have been misleading.
To read the full text of FINRA’s press release regarding this decision, click here.