The Financial Industry Regulatory Authority has imposed fines on two insurer affiliates in connection with allegations that they failed to protect customer information.
FINRA, Washington, says Lincoln Financial Securities Inc., Concord, N.H., a company previously known as Jefferson Pilot Services Corp., has agreed to pay $450,000 to settle the matter.
Lincoln Financial Securities agreed to the settlement without either admitting or denying the FINRA findings, according to a copy of a letter of acceptance posted on the FINRA website.
A related company, Lincoln Financial Advisors Corp., Fort Wayne, Ind., agreed to pay a $150,000 fine.
Like Lincoln Financial Securities Lincoln Financial Advisors has agreed to settle the matter without either admitting or denying the FINRA findings.
Lincoln Financial Securities and Lincoln Financial Advisors are subsidiaries of Lincoln National Life Insurance Company, which is, in turn, a unit of Lincoln National Corp., Radnor, Pa. (NYSE:LNC).
FINRA found that current and former employees of the firms could get to customer account records through any Web browser by using shared login credentials.
From 2002 to 2009 at Lincoln Financial Securities and from 2007 to 2009 at Lincoln Financial Advisors, employees at the companies retrieved 1 million customer records through the shared credentials, FINRA says.
Neither Lincoln Financial Securities nor Lincoln Financial Advisors could track how many employees, or which employees, gained access to the customer record site during this period, FINRA says.
The shared credentials system put confidential customer information, including Social Security numbers and account balances, at risk, FINRA says.
Lincoln Financial Security also failed to require brokers working remotely to install security application software on personal computers used to conduct the firm’s securities business, FINRA says.
Lincoln, the parent company, says in a statement that it is committed to protecting client confidentiality.
Neither Lincoln Financial Advisors nor Lincoln Financial Security had any cause to believe that information about their clients had been acquired or misused by any unauthorized person, Lincoln says.
“Upon learning of the data vulnerabilities, each company took prompt and aggressive action to improve data security and strengthen its security policies and procedures across its information technology platforms,” Lincoln says. “In addition, as a precaution, the companies voluntarily notified potentially affected former and current clients about the data vulnerability and offered them up to one year of continuous credit monitoring and, if necessary, identity theft consultation and restoration services, at no cost.”