D.A. Davidson fined over computer security after data breach

A bizarre episode involving accused computer criminals from Latvia, stolen customer data and attempted blackmail has resulted in a big headache for prominent Northwest broker/dealer D.A. Davidson & Co.

The Financial Industry Regulatory Authority (FINRA) on Tuesday fined D.A. Davidson $375,000 for failing to protect confidential customer information by allowing computer hackers to improperly access personal data of approximately 192,000 clients.

D.A. Davidson is a broker/dealer and regional investment bank based in Great Falls, Montana. But the firm has a significant presence in Oregon, with eight offices in the state and a 105-employee investment banking operation in Lake Oswego.

The computer hackers allegedly broke into a D.A. Davidson server on Christmas Day 2007.

Jacquie Burchard, spokeswoman for Davidson, said the invaders used a sophisticated technique law enforcement officials had seldom before seen.

The hackers got access to names, customer account and social security numbers, addresses and dates of birth.

D.A. Davidson didn't realize it had been hacked until Jan. 16, when a quartet of Latvians allegedly attempted to blackmail the firm. "They wanted money, lots of money," Burchard said.

The firm quickly notified law enforcement as well as its customers. D.A. Davidson assisted the Secret Service in identifying the four suspects, three of whom have since been extradited to the U.S., where they face criminal charges in federal court in Montana.

FINRA alleges that in 2006, 18 months before the successful hack, D.A. Davidson officials were advised by consultants that they should upgrade their computer security system.

The firm implemented the majority of those suggestions. But it did not install an intrusion-detection system recommended by the consultants, FINRA claims.

Burchard said the firm had been reassured by its IT consultant just weeks before the attack that its computer security was adequate. The consultant had tried without success to breach the firm's computer system.

Suzanne Elovic, FINRA chief counsel, said that in levying the fine, the agency took into consideration D.A. Davidson's cooperation with law enforcement and its quick alert to customers.

Elovic and Burchard agreed that to date, it's not clear any D.A. Davidson customer has lost money or otherwise been harmed by the security breach.

Nevertheless, some customers sued the brokerage over the breach. The matter was settled last November. The firm agreed to make $1 million available to cover any damages suffered by its clients.

- Jeff Manning
