Five years ago, the Securities and Exchange Commission adopted a rule requiring investment firms to pay attention to identity theft. It never enforced it — until late last month.
In a cease-and-desist order against Voya Financial Advisors, the investment advisory unit of Voya Financial, the commission used the “Identity Theft Red Flags Rule” to censure the firm for allowing hackers to access social security numbers, account balances and even details of client investment accounts.
via The S.E.C. Dusts Off a Never-Used Cyber Enforcement Tool – The New York Times.