Chicago Brokerage to Pay $1.5 Million Fine for Lack of Cybersecurity

A Chicago-based futures brokerage will pay $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account.

The order from The U.S. Commodities Futures Trading Commission also finds that Phillip Capital Inc. failed to disclose the cyber breach to its customers in a timely manner. The order alsi finds that PCI failed to supervise its employees with respect to cybersecurity policy and procedures, a written information systems security program and customer disbursements.

The order imposes monetary sanctions totaling $1.5 million, which includes a civil monetary penalty of $500,000, and $1 million in restitution. PCI is credited the $1 million restitution based on its prompt reimbursement of the customer funds when the fraud was discovered. The order also requires PCI to, among other things, provide reports to the Commission on its remediation efforts.

“Cybercrime is a real and growing threat in our markets,” said CFTC Director of Enforcement James McDonald. “While it may not be possible to eliminate all cyber threats, CFTC registrants must have adequate procedures in place — and follow those procedures — to protect their customers and their accounts from potential harm.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.